Remote job description

strongDM is a customer-first, second, and third company with a rabid fan base. When was the last time you heard things like:

* Splunk's CISO Joel Fulton says "strongDM gives you what you can't get any other way -- the ability to see what happens, replay and analyze incidents."

* Chef's co-founder Adam Jacob says "strongDM takes the friction out of getting staff access to the systems they need."

Customers love us because:

The product rocks: strongDM fundamentally changes the relationship between InfoSec, DevOps, and end users. Enforce the controls security needs while making it easier to facilitate access.

They can trust us: we built a technical product for technical buyers. We do not use jargon. There is no alternative but to always be technically accurate. We are not afraid to admit product gaps.

We're real humans: we built a serious product without taking ourselves too seriously. Each member of the team is deadly good at their job, and yet we crack jokes on the phone with customers.

Do you like to poke at systems...

...and see how you can break them? Come and poke at our platform and the systems we use for delivering it! As a Product Security Engineer you'll be working on making our platform as secure as we possibly can, so that our customers can unconditionally trust us.

What You'll Do:

    • Run our platform security assessments, including internal and external penetration tests & source code reviews
    • Manage our vulnerability disclosure and bug bounty programs, interacting as the glue between our internal engineering teams and the security researchers reporting to us
    • Perform red team testing on the platform, trying to break things before they get into production
    • Develop automation to find and remediate security misconfigurations across all platform components (and business systems too!)
    • Have direct input on the security posture and design decisions of the strongDM Platform
    • Team up with the rest of the Security Department to educate your fellow employees on current security threats and best practices for secure development
    • Work with the Governance, Risk, and Compliance team to establish and test controls in support of our SOC 2 and FedRAMP programs

Requirements:

    • You're familiar with the SaaS-based vulnerability management platforms on the market
    • You can explain the why behind policies and standards in a way that both technical and non-technical folks understand
    • General knowledge of platforms and tools available to secure software and systems development
    • You know that we are here to support and serve the business, not the other way around
    • Have a "Yes, and..." attitude, be willing to own failure, and speak up when you see room for improvement
    • Experience working at a high-growth startup with a culture of incredible customer support
    • Alphabet soup of certs you may have but are in no way required: CEH, PenTest+, GPEN, GWAPT, OSCP, OSWE, CSSLP,

Compensation:

    • Competitive base + equity salary packages
    • Company-sponsored benefits, including:
    • Medical, dental, and vision insurance (free to employees and dependents)
    • 401k, HSA, FSA, short / long-term disability coverage, life insurance
    • 4 weeks accrued PTO + sick days + volunteer days + standard holidays, paid parental leave
    • Stipend for internet and phone + home office budget
    • No travel required



Summary
Company name: strongDM
Remote job title: Product Security Engineer
Job tags: Vulnerability Management, CEH, Product Security
