Principal Security Engineer, Product Security - United States
Atlanta, GA - Remote
Applications have closed
JumpCloud
JumpCloud's revolutionary directory unifies device and identity on Windows, Mac, and Linux with cloud-based SSO, MDM, MFA, PAM, and more.
About JumpCloud:
JumpCloud’s mission is to Make Work Happen®, providing simple, secure access to an organization’s technology resources from any device, or any location. The JumpCloud Open Directory Platform gives IT, security operations, and DevOps a single, cloud-based solution to control and manage employee identities and their devices, and apply conditional access controls based on Zero Trust principles. Since launching in 2012, our global user base has grown to more than 150,000 organizations, with more than 5,000 paying customers including Cars.com, GoFundMe, Grab, Uplight, ClassPass and Peloton. JumpCloud has raised over $400M from world-class investors including Sapphire Ventures, General Atlantic, Sands Capital, Atlassian, and CrowdStrike. Our teams are growing fast, too, and we're looking for talent across engineering, sales, customer success, marketing, product management, and more. Join our team of dedicated, passionate, and creative people who are eager to change the IT industry forever.
About the Role:
The Principal Security Engineer, SecOps role is responsible for Threat Modeling, product security design reviews, secure coding (SDLC) efforts, and risk assessment/adjustment.
Primary Responsibilities/Duties:
- Lead our Threat Modeling initiative
- Perform Threat Modeling activities and product security design reviews
- Lead policy and implementation of SDLC practices
- Lead our Responsible Vulnerability Disclosure Program
- Assist engineering leadership and architects in designing secure products
- Ensure product security findings are triaged, reproducible, and provide guidance on resolution
- Coordinate 3rd party penetration tests
- Lead Red Team efforts
Additional Responsibilities/Opportunities for growth:
- Depending on your skillset and interest level, the following responsibilities are available to all members of the security team:
- Assist in CSIRT efforts – including incident response, mitigation, and forensics
- Assist in DevSecOps efforts – including the implementation, creation, and/or configuration of security tooling, services, and infrastructure
Qualifications And Skills:
- Expertise in application-level vulnerability testing or building software security controls
- Substantial knowledge of common web application attacks and defense strategies (e.g. OWASP Top 10, critical controls, and CWE Top 25)
- Expertise in detection, exploitation, and prevention of security vulnerabilities.
- In-depth technical knowledge of software development, security engineering, computer and network security, authentication, security protocols, certificates, and applied cryptography.
- Expertise with AWS and AWS security best practices
- In-depth technical knowledge of containerization (Kubernetes) and protecting cloud-native architectures
- Minimum of 8 years of experience with any combination of the following: penetration testing, threat modeling, secure software development, application security, product security
- Experience with multiple programming languages (e.g., Python, Golang, JavaScript, Swift)
- Understand the people aspects of security and enjoy collaborating with others to build secure things
Personal Characteristics:
- Views security as an enabler, not an inhibitor to innovation
- Results oriented
- High Level of Integrity
- Ownership and Accountability
- High Level of Autonomy
- Clear Communication
- Creative Problem Solver
- Passionate about Security
JumpCloud provides a comprehensive benefits package, with several medical plans to choose from including a high deductible HSA plan with employer contribution, two dental plans, vision insurance, flexible spending account (FSA), employee assistance program (EAP), short- and long-term disability, life insurance and a 401k savings plan with match. We have a flexible paid time off policy.
Where you’ll be working/Location:
JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in this Job Description. For US Roles: All roles posted in United States locations do require that you be located within one of the 50 U.S. States. Our Headquarters is in the Denver/Boulder, CO area but as a remote company, you are able to work remotely anywhere in the U.S. If you would like to spend time in our offices in the Denver/Boulder area, you are welcome to do that as well.
Why JumpCloud? If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about.
One of JumpCloud's three core values is to “Build Connections.” To us that means creating "human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed." - Rajat Bhargava, CEO. JumpCloud is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Please submit your résumé and a brief explanation about yourself and why you would be a good fit for JumpCloud. Please note JumpCloud is not accepting third party resumes at this time.
Tags: Application security AWS Business Intelligence Cloud CrowdStrike Cryptography CSIRT DevOps DevSecOps Forensics Golang Incident response JavaScript Kubernetes Network security OWASP Pentesting Product security Python Red team Risk assessment SaaS SDLC SecOps Vulnerabilities Zero Trust
Perks/benefits: 401(k) matching Career development Flex hours Flexible spending account Flex vacation Health care Insurance Startup environment Team events