Application Security Engineer

November 4

Apply Now

Receive Emails with Similar Jobs

Onebrief

WebsiteLinkedInAll Job Openings

Enterprise • Government • SaaS

Onebrief is a platform that enhances and accelerates decision-making, planning, and collaboration, especially within large organizations and governmental bodies. The platform aims to streamline operations and reduce manual processes by offering real-time collaboration, data visualization, specialized workflows, and creative support tooling. Designed by senior planners, Onebrief serves as a hub for users to build plans and products efficiently, with the platform being noted for significantly improving productivity and adaptability. It is used across various networks, including SIPR and JWICS, and is regarded as a transformative tool for organizations such as the National Security Council and the US Army.

2 - 10 employees

🏢 Enterprise

🏛️ Government

☁️ SaaS

💰 $21M Venture Round on 2022-10

📋 Description

• Find Vulnerabilities in our Software: Bring an attacker’s mindset to review PRs, perform code audits, and utilize static analysis to identify vulnerable code patterns that can be exploited by adversaries. Use dynamic analysis, fuzzers and code reviews to find weaknesses in our codebase and work with developers to patch them. • Fix Vulnerabilities Across the Full Stack: Think like an adversary to find, fix, prevent or patch vulnerabilities from browser to kernel. Utilize vulnerability scanners to find unpatched components, and identify configuration errors that could expose our deployments to an attacker. Work with platform engineers to harden our customer environments and utilize best practices. Advise on network configuration, identity and access management and infrastructure security. • Improve the Security Posture of Infrastructure: Review identity and access management, logging, auditing, monitoring to help craft a layered defense for our corporate infrastructure and customer environments. Work with Cybersecurity analysts to help ensure compliance with corporate/Federal standards like SOC II, NIST and FedRamp Moderate/High. • Make the Team Stronger: Mentor other engineers on best security practices, share news of vulnerable libraries and compromises, engage with community on active threats and trends in exploit development, malware, etc. Work to improve processes to shift security “left” and identify vulnerabilities earlier in the design, development and deployment of our software.

🎯 Requirements

• 5+ years of experience in Application Security, Cybersecurity Engineering, Software Engineering or a related field, preferably with first-hand experience ensuring security in high-compliance environments like PCI DSS, HIPAA or NIST. • U.S. citizenship required, security clearance greatly desired. • A strong understanding of Linux, containerization and orchestration, and virtual machines • Networking fundamentals: core protocols and secure configurations. • A deep understanding of incident response processes, with experience conducting thorough root cause analyses and driving continuous improvement • Clear, concise writing; strong documentation habits and async communication. • Core skills and technologies: Javascript/Browser security, Network Security, Firewalls, Intrusion Detection, Static Analysis, Dynamic Analysis, Container Scanning, Kubernetes, Docker, Helm, Ansible, Terraform, Linux, AWS, DoD compliance, Monitoring and Observability tools.

🏖️ Benefits

• Offers Equity