Product Security Engineer - Federal

Ping Identity Holding Corp

CO

JOB DETAILS
SALARY
$19–$85 Per Hour
SKILLS
Amazon Web Services (AWS), Analysis Skills, Ansible, Applications Security, Authentication, Automation, Best Practices, CISSP - Certified Information Systems Security Professional, Cloud Applications, Cloud Computing, Code Reviews, Communication Skills, Computer Security, Consulting, Continuous Deployment/Delivery, Continuous Integration, Customer Support/Service, Detail Oriented, Docker, Documentation, Federal Government, Fuzz Testing, GCP (Good Clinical Practices), GIAC - Global Information Assurance Certification, Identity Data Management, Java, LDAP (Lightweight Directory Access Protocol), Linux Administration, Machine Tool, Microsoft Active Directory, Microsoft Windows Azure, Network Operations Center, Network Protocols, OAuth, OpenID, Penetration Testing, Pre-Sales, Problem Solving Skills, Product Engineering, Product Testing, Sales Prospecting, Security Analysis, Security Assertion Markup Language (SAML), Security Design, Security Software, Software Development Lifecycle (SDLC), Static Analysis, Team Player, Threat Modeling, U.S. National Institute of Standards and Technology (NIST), United States Citizen, United States Department of Defense (DoD)
LOCATION
CO
POSTED
30+ days ago

Job Summary:

As a Product Security Engineer working in our Federal accounts, you will gain invaluable experience at a visionary identity security company. The position requires a passion for application security and for solving both technical and organizational challenges, the ability to work in a challenging, distributed, Infrastructure-as-Code development environment, excellent communication skills, and attention to the latest security best practices.

This role focuses on product security (application security) for Ping's identity platform. Product Security Engineers partner closely with engineering teams to review code, identify vulnerabilities, and improve the security posture of production software across Ping's revenue-generating products.

We are particularly interested in engineers who developed a passion for security and transitioned into application security or DevSecOps roles. Candidates with a background in software engineering, platform engineering, or DevOps who now focus on security are strongly encouraged to apply.

Responsibilities:

  • Own multiple Security Engineering assignments working with Ping Identity products, processes, and tooling
  • Assist in proposing, developing, and improving Secure Software Development Lifecycle (SSDLC) practices alongside global, high-performance product engineering teams
  • Work with the product teams to perform security design/code reviews and vulnerability assessment and management in an agile environment
  • Perform application security tasks including threat modeling, developer code reviews, consulting, static code analysis, dynamic runtime fuzzing, building custom tools, and automation and exploit development
  • Assist the Federal presales, support, and customer success teams responding to prospect, customer, and field questions related to product and industry security
  • Engage with third-party security consultants for independent security assessments, bug bounties, and penetration testing of the product

Required Qualifications:

  • Ability to meet U.S. citizenship and residency eligibility requirements associated with supporting FedRAMP-regulated environments
  • 2+ years of application security experience across areas such as API Security, Web Application Security, Enterprise Application Security, and Mobile Application Security
  • 3+ years of developing commercial software products
  • Hands-on experience working with Secure Software Development Lifecycle (SSDLC) security tooling, such as source code scanning tools (SAST) and third-party dependency or software composition analysis (SCA)
  • Strong understanding of modern authentication and identity standards, including OAuth 2.0, OpenID Connect (OIDC), and SAML
  • Ability to review application code for security vulnerabilities, ideally in Java or Go
  • Experience identifying and mitigating vulnerabilities aligned with OWASP Top 10
  • Familiarity with cloud-native application environments, including Google Cloud Platform (GCP) or AWS, and containerized platforms such as Docker and Kubernetes
  • Understanding of networking protocols and modern data center architecture
  • Exceptional problem-solving skills, curiosity about the inner workings of systems, and strong attention to detail and documentation

Preferred Qualifications:

  • Experience in security and compliance for FedRAMP solutions, including understanding of NIST, DoD, and related security standards
  • Security certifications such as CISSP, CSSLP, GIAC, or OSCP
  • Experience with Linux environments, administration, security, and internals
  • Experience with identity and access management (e.g. OAuth 2.0, OpenID Connect, SAML 2.0, Active Directory, 2FA/MFA, LDAP, SCIM, FAPI, OpenBanking)
  • Experience with CI/CD in Federal or US government cloud deployment (e.g., AWS GovCloud, Azure, or GCP)
  • Experience with Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, or Ansible
  • Experience in vulnerability management measurement, reporting, and remediation

Salary Range:

$133,060-$175,000

In accordance with Colorado's Equal Pay for Equal Work Act (SB 19-085), the approximate compensation range for this role in Colorado is listed above. Final compensation for this role will be determined by various factors, such as knowledge, skills, and abilities.

About the Company

Ping Identity Holding Corp