Senior Security Engineer
LogRhythm, a Thoma Bravo company, empowers more than 4,000 customers across the globe to measurably mature their security operations program. LogRhythm’s award-winning NextGen SIEM Platform delivers comprehensive security analytics; user and entity behavior analytics (UEBA); network detection and response (NDR); and security orchestration, automation, and response (SOAR) within a single, integrated platform for rapid detection, response, and neutralization of threats. Built by security professionals for security professionals, LogRhythm enables security professionals at leading organizations like NASA, Xcel Energy, and Temple University to promote visibility for their cybersecurity program and reduce risk to their organization each and every day. LogRhythm is the only provider to earn the Gartner Peer Insights Customers’ Choice for SIEM designation three years in a row.
Who we are looking for:
LogRhythm is seeking a Senior Application Security Engineer to assist our team in shipping secure products. This role will have a significant focus on penetration testing and remediation. You will help ensure that LogRhythm products adhere to corporate and product certification requirements, secure LogRhythm’s development and production environments, and protect customer data.
You will perform application security assessments, penetration testing, threat modeling, and code reviews. You will also deliver security training for developers, and generally raise developer awareness of security best practices. You will work cross functionally with your peers in the engineering organization.
Here’s an overview of the responsibilities & challenges ahead:
- Perform manual and automated security assessments (e.g. pen testing, code reviews, vulnerability scanning, etc.) to drive measurable security improvements in LogRhythm’s products. Review assessment reports and coordinate with engineering to ensure findings are remediated.
- Assist in implementing automated DevSecOps practices into product CI/CD pipelines and cloud environments.
- Be an active participant in advocating for and improving security throughout the SDLC.
- Provide training and mentorship on secure coding best practices to engineering team members.
- Consult with development and operations teams to provide mentorship and recommend secure design patterns.
- Remain ahead of emerging and active threats: leverage pen testing tools, develop custom offensive and defensive tools, review and apply the latest security research / threat intelligence.
Required skills, background, and experience:
- Bachelor’s degree in Computer Science or related field.
- 5+ years of experience in Application Security.
- Experience with penetration testing web-based SaaS applications and systems operating out of Cloud infrastructure (AWS, GCP, Azure, etc.).
- Knowledge of application-level attacks and mitigation methods, with a thorough understanding of OWASP top 10.
- Knowledge of DAST, SAST, 3rd party dependency, and container image security scanning.
- Understanding of compliance standards and how they impact software products and cloud operations.
- General security and offensive security assessment certifications a plus: CISSP, CEH, OSCP, GPEN, etc.
- Contributions to the security community a plus: research papers, public CVEs, conference talks, open source, etc.
Salary and Other Compensation
- The annual starting salary for this position is between $120,000-150,000 depending on experience and other qualifications of the successful candidate.
- LogRhythm offers the following benefits for this position, subject to applicable eligibility requirements.
- 401k plan
- Flexible time off
- Employee assistance program
- Employees are eligible to receive incentive units
- Created/Revised Date: May 10th, 2021
- Reporting to: Director, Customer Success
- Location: Boulder, Colorado (will consider US remote working)
- Employment Status: Full Time
- FLSA/Applicable State Law Status: Exempt
Workplace equality & inclusion are not just words or topics for LogRhythm; they are part of our core values and beliefs, and integral to our company culture. We hire the best of the best and do not discriminate based on race, gender, age, religion, sexual orientation, identity, or other personal factors. LogRhythm was built on the principles of innovation, dedication, creativity, and commitment. It is through these key areas that we were able to grow as an equal and inclusive workplace, one where our employees feel respected and safe.
Disclaimer: The salary, other compensation, and benefits information is accurate as of the date of this posting. The company reserves the right to modify this information at any time, subject to applicable law.