Job Summary:
As a Product Security Engineer working in our Federal accounts, you will gain invaluable experience at a visionary identity security company. The position requires a passion for application security, solving both technical and organizational changes, with the ability to work in a challenging, distributed and Infrastructure-as-Code development environment, excellent communication skills, and attention to the latest security best practices.
Responsibilities:
• Own multiple Security Engineering assignments working with Ping Identity products, processes, and tooling
• Assist in proposing, developing, and improving Secure Software Development Lifecycle (SSDLC) practices alongside global, high-performance product engineering teams
• Work with the product teams to perform security design/code reviews and vulnerability assessment and management in an agile environment
• Perform application security tasks including threat modeling, developer code reviews, consulting, static code analysis, dynamic runtime fuzzing, building custom tools, and automation and exploit development
• Assist the Federal presales, support and customer success teams responding to prospect, customer and field questions related to product and industry security
• Engage with third-party security consultants for independent security assessments, bug bounties and penetration testing of the product
Required Qualifications:
• Meet US citizenship and residency requirements for FedRAMP engagements
• 2+ years of application security in a mix of Enterprise Application Security, API Security, Web Application Security, and Mobile Application Security
• 3+ years of developing commercial software products
• Understanding of networking protocols and modern data center architecture
• Exceptional problem-solving skills, curious about the inner workings of systems and showing attention to details and documentation
• Excellent written and oral communication skills
Desired Qualifications:
• Experience in security and compliance for FedRAMP solutions: Understanding of NIST, DoD, and related security standards
• Experience with Linux environments, administration, security, internals
• Experience with identity management (e.g. OAuth 2.0, OpenID Connect, SAML 2.0, Active Directory, 2FA/MFA, LDAP, SCIM, FAPI, OpenBanking)
• Experience with CI/CD in Federal or US government cloud deployment in Amazon AWS, AWS GovCloud, Azure or Google Cloud Platform
• Experience with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible
• Experience in containerization with Docker or Podman
• Experience in container management with Kubernetes and Helm
• Experience in vulnerability management measurement, reporting and remediation
• Security certifications such as CISSP, CSSLP, GIAC, OSCP
Salary Range:
$133,060-$175,000
In accordance with Colorado's Equal Pay for Equal Work Act (SB 19-085) the approximate compensation range for this role in Colorado is listed above. Final compensation for this role will be determined by various factors, such as knowledge, skills, and abilities.