Id.Me - McLean, VA
posted about 2 months ago
ID.me is seeking a talented Senior Application and Product Security Engineer IV to join our rapidly growing security team. This role is pivotal in advancing the digital identity ecosystem by planning, implementing, and upgrading security measures and controls. The successful candidate will be responsible for a variety of security testing methodologies, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), API security, and penetration testing. Additionally, the engineer will support an expanding bug bounty program, ensuring the end-to-end security of ID.me's applications and products. This position requires a passion for security and the ability to navigate a fast-paced, ambiguous environment, making it an exciting opportunity for those who thrive on innovation and challenge. The responsibilities of this role include supporting the deployment of a robust application security testing tooling throughout the application lifecycle of ID.me products. The engineer will maintain and improve the application security testing suite to reduce vulnerabilities introduced into the production environment. They will also support the expanding bug bounty and application penetration testing efforts across ID.me, participate in activities to integrate security controls throughout the Software Development Life Cycle (SDLC), assist in reviewing designs of new applications and products, and engage in security testing efforts against applications, including code reviews and black/white box testing. This role is essential in ensuring that security is a priority at every stage of product development.