Cloud (nice to have)
Vulnerability Management (regular)
penetration testing (regular)
threat modeling (regular)
Security testing tools (regular)
We’re looking for a hands-on Security Engineer to join our growing Product Security team.
The opportunity:Security engineers at Egnyte are involved in every stage of the SDLC pipeline to highlight security vulnerabilities and provide expert advice on reducing them. By promoting security principles, ongoing penetration testing, and developing “paved roads,” we’re able to provide our customers with a secure and reliable product.
Currently, we’re seeking an engineer who’s well-rounded in terms of application security and has in-depth expertise in one or more particular areas. You’ll be able to apply your skills to interesting challenges—joining Egnyte is an opportunity to work with diverse technologies and large-scale software (1 million users, 20k transactions per second, 28 Petabytes of data). Working closely with more senior security engineers will enable you to develop your expertise in the wide range of areas of your choosing.
To excel at this role, you need to be passionate about DevSecOps, as it’s something we’re genuinely committed to at Egnyte. Knowledge about cloud platform security practices and interest in developing security tooling are important as well. You will have a chance to develop security-oriented tools and processes from conception to completion.
Your day-to-day at Egnyte:
- Work with engineering teams providing expertise and advice regarding secure architecture, design, and implementation
- Develop reliable and scalable security-oriented tools
- Work with the rest of the Security Data Governance & Compliance team to ensure you achieve team objectives
- Perform blackbox and whitebox application and network penetration testing
- Reproduce, score, and further analyze issues reported through our bug bounty programs
- Identify opportunities for vulnerability remediation and mitigation
- Develop tools, documentation, processes, and techniques to ensure the security of our software
- Partner with engineering teams in the design phase of new products and features to conduct threat modeling, plus security architecture, design, and code reviews
- Share your experience with junior engineers to foster a culture of excellence
What skills are we looking for?
- 2+ years of application security experience, offensive security preferred
- Hands-on experience performing security code reviews
- Familiarity with concepts like Identity, Data protection, Monitoring, and IR in the cloud services space
- Solid knowledge of security testing tools and techniques
- Being a strong communicator who is comfortable working cross-functionally, with a track record of delivering results and demonstrating strong ownership.
- In-depth knowledge of OWASP guidelines
- Ability to write and deploy your own tools and automation (preferably in Python)
- Good command of English that allows you to effectively communicate and perform your tasks (B2/C1+)
- Experience with security assurance for desktop and mobile applications.
- Experience running penetration testing against cloud-native applications