Principal Application Security Architect

United States - Remote

SentinelOne

SentinelOne unifies endpoint, cloud, identity and data security. Enriched by our Security Data Lake for seamless and efficient cybersecurity.


About Us:

SentinelOne is defining the future of cybersecurity through our XDR platform that automatically prevents, detects, and responds to threats in real-time. Singularity XDR ingests data and leverages our patented AI models to deliver autonomous protection. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. 

We are a values-driven team where names are known, results are rewarded, and friendships are formed. Trust, accountability, relentlessness, ingenuity, and OneSentinel define the pillars of our collaborative and unified global culture. We're looking for people that will drive team success and collaboration across SentinelOne. If you’re enthusiastic about innovative approaches to problem-solving, we would love to speak with you about joining our team!

SentinelOne is looking for a Principal Application Security Architect to create and deploy measurably effective Secure Software Development Lifecycle (SSDL) practices throughout the company. The candidate should have a background in penetration testing, Application Security assurance in a major development company and developing/deploying proactive security solutions. We need highly motivated security and technical experts to join SentinelOne’s InfoSec team to solve the problems of tomorrow while continuing to build and secure the foundation of today. Security Architects/Engineers work hands-on with technology in researching, designing, and implementing capabilities and defenses to secure and protect SentinelOne’s critical infrastructure and applications. You will also work with some of the most advanced product and platform engineers to proactively engineer security solutions.

As a Principal Application Security Architect, you will be responsible for leading and driving the development of our Application Security & Product Security program. This includes implementing and managing security controls, conducting security assessments and audits, and working closely with development teams to ensure that our applications are secure.

 

Responsibilities:

  • Stay up to date on the latest security trends and technologies, and evangelize secure coding practices throughout the organization
  • Develop and implement a comprehensive AppSec & ProdSec program
  • Conduct security assessments and audits to identify and address potential vulnerabilities
  • Work closely with development teams to ensure that security is integrated into the development process
  • Define, communicate and evangelize application security best practices
  • Collaborate with development, DevOps, Architecture, Product, R&D, Compliance and other stakeholders in evaluating, integrating and/or building AppSec solutions for securing SentinelOne products
  • Provide hands-on remediation guidance to development teams
  • Work with Security Champions to bring ‘security-minded’ engineers to the center of the solutions and operate on a model of empowerment towards scaling the program
  • Review application architectures and implementation details for design flaws, incorrect security implementation and missing security controls
  • Create threat models to communicate risks to engineers, project managers and other technical teams
  • Work on the SentinelOne Bug Bounty program and work with external researchers to surface known vulnerabilities, evaluate impact, recommend solutions and bring them to closure
  • Evaluate security posture of SentinelOne products on a periodic basis by internally pentesting and/or externally conducting pentests based on SOC2, FedRAMP and other compliance standards

 

Job Requirements:

  • Strong background in Application/Product Security and developing secure coding best practices
  • Strong analytical and problem-solving abilities
  • Knowledge of the nature and sources of web application and database vulnerabilities, and how to identify and exploit them
  • Knowledge of the nature and sources of network and host application vulnerabilities
  • Vast knowledge in computer security issues, requirements and trends
  • Hands-on experience in Threat Modeling, SAST, DAST, and Web application security including OWASP Top 10, CWE Top 25 and SANS 25
  • Programming experience in Java, J2EE, NodeJS, Go, C++
  • Experience leading and mentoring a team of security professionals
  • In-depth knowledge of security standards and best practices
  • Experience with security testing tools and methodologies
  • Prior experience involving pentesting/red teaming desired but not required
  • Excellent communication and interpersonal skills
  • Familiarity with the Secure Software Development Lifecycle (SSDL)
  • Knowledge of penetration testing techniques
  • Experience with implementing cloud-based container vulnerability scanning tools
  • Experience with container management and containerization technology
  • Team player and quick learner, able to deal with conflict and handle ambiguity
  • Software security expertise (strong development background)
  • Knowledge of working with virtualized environments
  • Familiarity with JWT, CORS, CSRF, OAuth, SSO, TLS, OWASP
  • Experience with cloud security, specifically AWS, HSMs and certificate management

 

Education:

  • BSEE, CS or other relevant technical degree required. 8+ years professional related experience or Master’s Degree and 6+ years, or Doctorate and 4+ years
  • OSCP, OSCE, CEH, CISSP certification preferred

 


SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

SentinelOne participates in the E-Verify Program for all U.S. based roles. 


Tags: Application security Audits AWS C CEH Certificate management CISSP Cloud Compliance CSRF DAST DevOps Exploit FedRAMP Java Node.js OSCE OSCP OWASP Pentesting Product security R&D Red team SANS SAST SDLC Security assessment SOC 2 SSO TLS Vulnerabilities XDR

Perks/benefits: Transparency

Regions: Remote/Anywhere North America
Country: United States