ID.me - McLean, VA

posted about 2 months ago

Full-time - Senior
McLean, VA
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

ID.me is seeking a talented Senior Application and Product Security Engineer IV to join our rapidly growing security team. This role is pivotal in advancing the digital identity ecosystem by planning, implementing, and upgrading security measures and controls. The successful candidate will be responsible for a variety of security testing methodologies, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), API security, and penetration testing. Additionally, the engineer will support an expanding bug bounty program, ensuring the end-to-end security of ID.me's applications and products. This position requires a passion for security and the ability to navigate a fast-paced, ambiguous environment, making it an exciting opportunity for those who thrive on innovation and challenge.

The responsibilities of this role include supporting the deployment of robust application security testing tooling throughout the application lifecycle of ID.me products. The engineer will maintain and improve the application security testing suite to reduce vulnerabilities introduced into the production environment. They will also support the expanding bug bounty and application penetration testing efforts across ID.me, participate in activities to integrate security controls throughout the Software Development Life Cycle (SDLC), assist in reviewing designs of new applications and products, and engage in security testing efforts against applications, including code reviews and black/white box testing. This role is essential in ensuring that security is a priority at every stage of product development.

Responsibilities

  • Support the deployment of robust application security testing tooling in support of the application lifecycle of ID.me products
  • Maintain and improve the application security testing suite in support of reducing vulnerabilities that are introduced into the ID.me production environment
  • Support the expanding bug bounty and application penetration testing efforts across ID.me
  • Participate in activities to support the integration of security controls throughout the SDLC
  • Assist in the process to review designs of new applications and products
  • Participate in the security testing efforts against our applications, including code reviews, black/white box testing of applications, and maintaining a continuous testing methodology

Requirements

  • 3-5 years of experience in information security or equivalent experience
  • 2-3 years of experience in hands-on application and product security disciplines or equivalent experience
  • Experience with cloud technologies (i.e., AWS, GCP, and/or Azure)
  • Experience with threat modeling, systems analysis, and/or security design reviews
  • Familiarity with SAST, DAST, SCA, and penetration testing methodologies
  • Good written and verbal communication skills
  • Understanding of application and product architectures, scripting-based programming languages, web application stacks, and general approaches to implementation of an SDLC
  • Ability to prioritize security efforts to mitigate the appropriate risks
  • Ability to identify, analyze, and explain the present or future needs for proposed security initiatives to team leads
  • Ability to influence with empathy and compassion

Nice-to-haves

  • Experience with CI/CD practices and platform tools (Jenkins, CircleCI, GitHub, etc.)
  • Background with containers and orchestration technologies (Docker, Kubernetes, Helm)

Benefits

  • Comprehensive medical, dental, and vision insurance
  • Health savings account
  • Flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts)
  • Basic and voluntary life and AD&D insurance
  • 401(k) with company match
  • Parental leave
  • Unlimited paid time off subject to the terms and conditions of the PTO policy
  • 8 company-wide holidays
  • Short and long-term disability insurance
  • Accident and critical illness insurance
  • Referral bonus policy
  • Employee assistance program
  • Pet insurance
  • Travel assistant program
  • Wellbeing and childcare discounts
  • Benefit advocates
  • Learning and development benefit