ID.me - Mountain View, CA

posted about 2 months ago

Full-time - Mid Level
Mountain View, CA
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

ID.me is seeking a talented Senior Application and Product Security Engineer IV to join our rapidly growing security team. This role is pivotal in advancing the digital identity ecosystem by planning, implementing, and upgrading security measures and controls. The successful candidate will be responsible for a variety of security testing methodologies, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), API security, and penetration testing. Additionally, the engineer will support an expanding bug bounty program, ensuring the end-to-end security of ID.me's applications and products.

In this position, you will support the deployment of robust application security testing tooling that aligns with the application lifecycle of ID.me products. You will maintain and improve the application security testing suite to reduce vulnerabilities introduced into the production environment. Your role will also involve participating in activities that integrate security controls throughout the Software Development Life Cycle (SDLC), reviewing designs of new applications and products, and conducting security testing efforts, including code reviews and black/white box testing.

We are looking for someone who thrives in a fast-paced, ambiguous environment and has a passion for security. The ideal candidate will have a strong understanding of application and product architectures, scripting-based programming languages, and web application stacks, along with the ability to prioritize security efforts effectively. This role offers an exciting opportunity to contribute to a company that is committed to building a robust identity network while ensuring security and safety in its products.

Responsibilities

  • Support the deployment of robust application security testing tooling in support of the application lifecycle of ID.me products.
  • Maintain and improve the application security testing suite in support of reducing vulnerabilities that are introduced into the ID.me production environment.
  • Support the expanding bug bounty and application penetration testing efforts across ID.me.
  • Participate in activities to support the integration of security controls throughout the SDLC.
  • Assist in the process to review designs of new applications and products.
  • Participate in the security testing efforts against our applications, including code reviews, black/white box testing of applications, and maintaining a continuous testing methodology.

Requirements

  • 3-5 years of experience in information security or equivalent experience.
  • 2-3 years of experience in hands-on application and product security disciplines or equivalent experience.
  • Experience with cloud technologies (e.g., AWS, GCP, and/or Azure).
  • Experience with threat modeling, systems analysis, and/or security design reviews.
  • Familiarity with SAST, DAST, SCA, and penetration testing methodologies.
  • Good written and verbal communication skills.
  • Understanding of application and product architectures, scripting-based programming languages, web application stacks, and general approaches to implementation of an SDLC.
  • Ability to prioritize security efforts to mitigate the appropriate risks.
  • Ability to identify, analyze, and explain the present or future needs for proposed security initiatives to team leads.
  • Ability to influence with empathy and compassion.

Nice-to-haves

  • Experience with CI/CD practices and platform tools (Jenkins, CircleCI, GitHub, etc.).
  • Background with containers and orchestration technologies (Docker, Kubernetes, Helm).

Benefits

  • Comprehensive medical, dental, and vision insurance.
  • Health savings account and flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts).
  • Basic and voluntary life and AD&D insurance.
  • 401(k) with company match.
  • Parental leave.
  • Unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company-wide holidays.
  • Short and long-term disability insurance.
  • Accident and critical illness insurance.
  • Referral bonus policy.
  • Employee assistance program.
  • Pet insurance.
  • Travel assistant program.
  • Wellbeing and childcare discounts.
  • Benefit advocates.
  • Learning and development benefit.