Security Engineer/Application Security
Location: Seattle, Washington
Salary: $160,000 plus $200,00 sign on plus $400,000 RSU
Your responsibilities will include:
· Security reviews for new products, technologies, and services
· Secure design, architecture, and implementation
· Secure development life-cycle (SDLC) practices including threat modeling and security testing
· Influence decision-makers and stakeholders throughout the organization in multiple teams to achieve a consistently high security bar
· Lead penetration testing engagements and create new testing methods and exploits
· Create security guidance and documentation
· Develop security tools and automation
· Develop and deliver security training and outreach to internal development teams
· Develop and improve metrics that drive desired behavior and security outcomes
· Lead security projects (including security reviews, tool development, and creation of new security practices) with end-to-end ownership
· Support for mentoring, team building and recruiting activities
BASIC QUALIFICATIONS:
· Bachelor (undergraduate) degree in a relevant field (Computer Science, Software Engineer, Security, or others) OR an equivalent combination of education, training, and experience
· Minimum of 5 years of professional experience with any combination of at least 3 technical disciplines, including the following: cloud security, network security, application security, mobile security, secure development methodologies, software development and coding, identity management, authentication and authorization, network architecture, system administration, and systems engineering
· Minimum 3 years of experience with complex system, network, or service architecture and design
· Minimum 3 years of experience experience with applied cryptography
· Minimum 3 years of experience experience building or reviewing threat models
· Minimum 3 years of experience experience with conducting security assessments, including penetration testing or red teaming
PREFERRED QUALIFICATIONS:
· Exceeds expectations for Leadership Principles for this role
· Exceeds expectations for functional and technical depth and complexity for this role
· Ability to lead through influence across a broad set of stakeholders at the company within a secure development life-cycle for multiple products and technologies, meeting customer expectations for security
· Experience implementing complex security solutions that resolve security and business risk trade-offs and have broad influence across multiple services
· A deep understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPSEC, HTTP, HTTPS, BGP)
· A deep understanding of cryptography, web service frameworks, mobile application architectures, and multiple service architectures (such as event-driven, service-oriented, and serverless architectures)
· Experience with reverse engineering or vulnerability research
· Familiarity with physical, infrastructure, or hardware security
· Experience with multiple programming languages (such as Java, C++, Ruby, Python, Perl) for both tool development and code review
· Excellent written and verbal communication skills
· Ability to communicate deep technical issues in terms of security and business risk with non-experts and senior leaders