Today
Unspecified
Mid Level Career (5+ yrs experience)
$125,000 - $150,000
IT - Security
Introduction
We areworking on a project that tackles the problem of managing large-scale IT networks. We are seeking talented and highly motivated engineers to join us in bringing this project to a larger audience.
You would be responsible for helping to create, evolve, document, and implement security development and deployment practices for a product that’s delivered both on-premises as well as to the cloud. This work would include evaluating and disseminating information and recommendations from resources such as NIST, OWASP, MITRE, and other sources of security information and best practices. This work would also include—with the assistance of the rest of the development team—implementing these security controls and practices as part of the software development process, supplying guidance and requirements for deploying our product on-premises, and creating a secure environment for our upcoming cloud offering.
Our product is a .NET Core application (with some TypeScript and Python components) backed primarily by PostgreSQL, that serves both a web frontend and REST API. The application source is hosted in GitLab, and we use merge requests and GitLab CI to manage our code contribution workflows.
Things we really need
Experience maintaining a secure software supply chain (monitoring for CVEs, creating SBOMs, etc.)
Experience evaluating security best practices and applying them to processes and assets
Experience reviewing code and architecture to identify potential security issues
Experience writing internal documentation around security evaluations and decisions
Experience with security monitoring infrastructure (log analysis, web application firewalls)
United States citizenship
8+ years of experience
Things we want too
Familiarity with writing infrastructural code in support of security goals (abstractions, constraints, etc.)
Familiarity with working with developers to help them learn and self-apply secure development principals
Familiarity with government/industry security auditing processes
Specific familiarity with web security concepts and best practices (TLS/HTTPS, common web vulnerabilities, federated authentication, etc.)
Things that are extra cool
Specific familiarity with government programs pertaining to secure application development (STIGs, APL, NIAP)
Specific experience with the Microsoft web application development stack (C#, .NET, ASP.NET)
Specific experience with AWS security tooling
Experience with static application security analysis tools
Our end of the bargain
Remote-first environment (if that's your thing)
Dedicated collaborative office space in NoVA (if that's your thing)
We respect work/life balance
Occasional on-site team summits
Competitive salary and annual reviews
We areworking on a project that tackles the problem of managing large-scale IT networks. We are seeking talented and highly motivated engineers to join us in bringing this project to a larger audience.
You would be responsible for helping to create, evolve, document, and implement security development and deployment practices for a product that’s delivered both on-premises as well as to the cloud. This work would include evaluating and disseminating information and recommendations from resources such as NIST, OWASP, MITRE, and other sources of security information and best practices. This work would also include—with the assistance of the rest of the development team—implementing these security controls and practices as part of the software development process, supplying guidance and requirements for deploying our product on-premises, and creating a secure environment for our upcoming cloud offering.
Our product is a .NET Core application (with some TypeScript and Python components) backed primarily by PostgreSQL, that serves both a web frontend and REST API. The application source is hosted in GitLab, and we use merge requests and GitLab CI to manage our code contribution workflows.
Things we really need
Experience maintaining a secure software supply chain (monitoring for CVEs, creating SBOMs, etc.)
Experience evaluating security best practices and applying them to processes and assets
Experience reviewing code and architecture to identify potential security issues
Experience writing internal documentation around security evaluations and decisions
Experience with security monitoring infrastructure (log analysis, web application firewalls)
United States citizenship
8+ years of experience
Things we want too
Familiarity with writing infrastructural code in support of security goals (abstractions, constraints, etc.)
Familiarity with working with developers to help them learn and self-apply secure development principals
Familiarity with government/industry security auditing processes
Specific familiarity with web security concepts and best practices (TLS/HTTPS, common web vulnerabilities, federated authentication, etc.)
Things that are extra cool
Specific familiarity with government programs pertaining to secure application development (STIGs, APL, NIAP)
Specific experience with the Microsoft web application development stack (C#, .NET, ASP.NET)
Specific experience with AWS security tooling
Experience with static application security analysis tools
Our end of the bargain
Remote-first environment (if that's your thing)
Dedicated collaborative office space in NoVA (if that's your thing)
We respect work/life balance
Occasional on-site team summits
Competitive salary and annual reviews
group id: 10471702
