Application & Product Security Engineer V

Role Overview

ID.me is looking for a Application and Product Security Engineer V to add to our rapidly growing security team. If you love innovation, here's your chance to make a career of it by advancing the digital identity ecosystem. We are seeking a talented Senior Application and Product Security Engineer who enjoys the challenges of planning, implementing, and upgrading security measures and controls, to include: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), API security, penetration testing, and supporting an expanding bug bounty program.

This team owns the end-to-end security of ID.me’s applications and products. Our engineers use their passion for security to navigate a fast-paced, ambiguous environment.

Responsibilities

• Identify, and support the deployment of a robust application security testing tooling in support of the application lifecycle of ID.me products
• Manage and optimize the application security testing suite in support of reducing vulnerabilities that are introduced into the ID.me production environment
• Support the expanding bug bounty and application penetration testing efforts across ID.me
• Participate in activities to support the integration of security controls throughout the SDLC
• Lead design reviews of new applications and products
• Lead security testing efforts against our applications, including code reviews, black/white box testing of applications, and maintaining a continuous testing methodology

Desired Qualifications

The qualifications below are ideal, but not all are required. We encourage candidates to apply if they satisfy some, but not all of the qualifications.

• 7+ years of experience in information security or equivalent experience
• 5+ years of experience in hands-on application and product security disciplines or equivalent experience
• Experience with cloud technologies (ie AWS, GCP, and/or Azure)
• Experience with threat modeling, systems analysis, and/or security design reviews
• Excellent written and verbal communication skills
• Understanding of application and product architectures, scripting based programming languages, web application stacks, and general approaches to implementation of an SDLC
• Demonstrate excellent judgment in prioritizing security efforts to mitigate the appropriate risks
• Ability to identify, analyze, and explain the present or future needs for proposed security initiatives to senior management
• Ability to influence with empathy and compassion
• Bonus: Experience with CI/CD practices and platform tools (Jenkins, CircleCI, Github etc)
• Bonus: Strong background with containers and orchestration technologies (Docker, Kubernetes, Helm)

Ideal candidate will thrive in our culture if they have a passion for:

• Building quality products with a mindset on safety and security
• Operating in a fast-moving and high-growth environment
• Working as a team player with an entrepreneurial work ethic
• Security, learning and continuous improvement

#LI-JS1