Senior Security Engineer - Product Security
All roles at JumpCloud are Remote unless otherwise specified in the Job Description.
About JumpCloud
JumpCloud’s mission is to Make Work Happen®, providing simple, secure access to corporate technology resources from any device, or any location. The JumpCloud Directory Platform gives IT, security operations, and DevOps a single, cloud-based solution to control and manage employee identities, their devices, and apply conditional access controls based on Zero Trust principals. Since launching in 2012, our global user base has grown to more than 150,000 organizations, with more than 5,000 paying customers including Cars.com, GoFundMe, Grab, ClassPass, Uplight and Peloton. JumpCloud has raised over $400M from world-class investors including Sapphire Ventures, General Atlantic, Sands Capital, Atlassian, and CrowdStrike. Our teams are growing fast, too, and we're looking for talent across engineering, sales, customer success, marketing, product management, and more. Join our team of dedicated, passionate, and creative people who are eager to change the IT industry forever.
About the Role:
As a Senior Security Engineer, you'll be focused on JumpCloud’s product security in the Security Engineering Team, You will be pivotal in driving secure coding and SDLC efforts, secure code reviews, project security design reviews, secure engineering best practices and training, and assessing JumpCloud’s new projects as necessary.
You will be in the thick of it daily with the product and engineering teams driving bug remediation, identifying Jumpcloud product risk in design, consulting on new functionality for best practices, and leading responsible disclosure efforts, bug identification and validation, internal and external product influence and patching efforts. You will partner with your fellow security engineers to keep JumpCloud products secure by design, as we continue growing.
The company's leadership team, and a cross-functional team of skilled engineers from various perspectives, all working with a singular focus of maintaining our customer's trust. You'll be exposed to the reality of how JumpCloud functions on a technical and process level and will build a comprehensive base of knowledge around how it all works together. In doing so, you'll be playing a role in keeping JumpCloud secure and compliant, bringing security to our company's forefront.
Responsibilities and Duties
- Guide product and engineering teams to building security features through security architecture design reviews and threat modeling
- Evangelize secure coding practices across all engineering teams
- Build security into continuous integration and delivery pipelines
- Build security into our SDLC, participate in security design reviews, steer the team towards safe and reliable solutions, coordinate 3rd party penetration tests, etc
- Present findings and explain the impact and solutions to any level of leadership and other engineers.
- Perform security reviews and produce threat models for applications by working with product engineering and architects.
- Monitor our bug bounty program, static application security testing, and custom monitoring tools for suspicious activity and run incident response when required.
- Work with software engineers to analyze security vulnerabilities and follow through with issues until resolution.
- Build automation and tools to improve security aspects of code quality, SAST, DAST, and QA testing processes.
Qualifications and Skills
- Experience in application-level vulnerability testing or building software security controls.
- Substantial knowledge of common web application attacks and defense strategies (e.g., the OWASP Top 10, critical controls, and CWE Top 25)Proficient in detection, exploitation, and prevention of security vulnerabilities.
- Foundation in, and in-depth technical knowledge of software development, security engineering, computer and network security, authentication, security protocols, certificates, and applied cryptography.
- Experience integrating security controls into agile software development processes
- Familiarity with containerization and protecting cloud-native architectures
- Minimum of 5 years of experience with any combination of the following: penetration testing, threat modeling, secure software development, application security, product security
- Experience with multiple programming languages (e.g., Python, Ruby, Java, JavaScript, Golang)Understand the people aspects of security and enjoy collaborating with others to build secure things
Personal Characteristics
- Views security as an enabler, not an inhibitor to innovation.
- Ownership and Accountability
- Autonomy
- High Level of Integrity
- Clear Communication
- Creative Problem Solver
- Passionate about Security
In accordance with the Colorado Equal Pay for Equal Work Act, the approximate annual compensation range for this role, depending on individual candidate level and experience, is $150,000 to $175,000, including base salary and any related bonuses or commissions. JumpCloud provides a comprehensive benefits package, with several medical plans to choose from including a high deductible HSA plan with employer contribution, two dental plans, vision insurance, flexible spending account (FSA), employee assistance program (EAP), short- and long-term disability, life insurance and a 401k savings plan with match. We have an unlimited vacation policy.
#LI-JW1
Where you’ll be working/Location:
JumpCloud is committed to being Remote First. If a role requires you to be in a certain location or country, that will be clearly stated in the job description. All roles posted in United States locations do require that you be located within one of the 50 U.S. States.
Our Headquarters is in the Denver/Boulder, CO area. Once we reopen our offices you will have the opportunity to remain fully remote, work from one of our office locations (CO only currently) or flex your time.
Why JumpCloud?
If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about.
Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud. Please note JumpCloud is not accepting third party resumes at this time.
JumpCloud is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
#LI-Remote