Application Security Engineer

India

SentinelOne

SentinelOne unifies endpoint, cloud, identity and data security, enriched by our Security Data Lake for seamless and efficient cybersecurity.


About Us:

SentinelOne is defining the future of cybersecurity through our XDR platform that automatically prevents, detects, and responds to threats in real-time. Singularity XDR ingests data and leverages our patented AI models to deliver autonomous protection. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. 

We are a values-driven team where names are known, results are rewarded, and friendships are formed. Trust, accountability, relentlessness, ingenuity, and OneSentinel define the pillars of our collaborative and unified global culture. We're looking for people that will drive team success and collaboration across SentinelOne. If you’re enthusiastic about innovative approaches to problem-solving, we would love to speak with you about joining our team!

SentinelOne is looking for an Application Security Engineer to create and deploy measurably effective Secure Software Development Lifecycle (SSDL) practices throughout the company. The candidate should have a background in Penetration testing, Application Security assurance in a major development company and developing/deploying proactive security solutions. We need highly motivated security and technical experts to join SentinelOne’s InfoSec team to solve the problems of tomorrow while continuing to build and secure the foundation of today. Security Architects/Engineers work hands-on with technology in researching, designing, and implementing capabilities and defenses to secure and protect SentinelOne’s critical infrastructure and applications. You will also work with some of the most advanced product and platform engineers to proactively engineer security solutions.

 

As an AppSec Engineer, you will be responsible for implementing and scaling the development of our Application Security & Product Security program. This includes managing security controls, conducting security assessments and audits, running scans, triaging and working closely with development teams to ensure that our applications are secure.

 

Responsibilities:

  • Stay up to date on the latest security trends and technologies
  • Conduct security assessments and audits to identify and address potential vulnerabilities
  • Work closely with development teams to ensure that security is integrated into the development process
  • Evangelize secure coding practices throughout the organization
  • Provide hands-on remediation guidance to development teams
  • Review application architectures and implementation details for design flaws, incorrect security implementation and missing security controls
  • Work on the SentinelOne Bug Bounty program and work with external researchers to surface known vulnerabilities, evaluate impact, recommend solutions and bring them to closure
  • Utilize static application vulnerability scanning and configuration using tools like Snyk, Checkmarx, Coverity, TruffleHog etc.
  • Utilize dynamic application vulnerability scanning and configuration using tools like OWASP ZAP, AppScan, Acunetix, NeuraLegion etc.
  • Evaluate security posture of SentinelOne products on a periodic basis by internally pentesting and/or externally conducting pentests based on SOC2, FedRAMP and other compliance standards

 

Job Requirements:

 

  • Strong background in Application/Product Security and developing secure coding best practices
  • Strong analytical and problem-solving abilities
  • Knowledge of the nature and sources of web application and database vulnerabilities, how to identify and exploit them
  • Knowledge of the nature and sources of network and host application vulnerabilities
  • Hands-on experience in Threat Modeling, SAST, DAST, and Web application security including OWASP Top 10, CWE Top 25 and SANS 25
  • Experience with security testing tools and methodologies
  • Familiarity with the Secure Software Development Lifecycle (SSDL)
  • Knowledge of penetration testing techniques
  • Experience with Cloud and virtualized technology in environments such as AWS or GCP
  • Experience with implementing cloud-based container vulnerability scanning tools
  • Experience with container management and containerization technology
  • Team player and quick learner, able to deal with conflict and handle ambiguity
  • Software security expertise (strong development background)
  • Understanding of AWS and commonly used AWS services
  • Ability to automate tasks using a scripting language (Python, Ruby, etc.)
  • Expert-level knowledge of leading vulnerability scanning tools (Checkmarx, Fortify, Qualys, Rapid7, Burp, ZAP etc.)
  • An ability to interpret scan results is a must (e.g., code analysis skills)




SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

SentinelOne participates in the E-Verify Program for all U.S. based roles. 
