Barracuda · 10 hours ago
Principal Application Security Engineer
Maximize your interview chances
Cloud InfrastructureEnterprise Software
H1B Sponsor Likely
Insider Connection @Barracuda
Get 3x more responses when you reach out via email instead of LinkedIn.
Responsibilities
Ensure the secure delivery of software from design through to implementation
Maintain awareness of software security trends, incidents, and best practices, and provide expert advice and guidance to engineering teams regarding secure development and vulnerability remediation.
Manage Barracuda’s bug bounty programs
Work collaboratively with the organization, including with Security, Compliance and Engineering, to understand and remediate computer and software security incidents
Evaluate new and emerging security technologies, features, and products.
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
7+ years of experience
A deep understanding of software security best practices and vulnerabilities, especially as they relate to web applications (e.g. OWASP Top 10)
Experience identifying vulnerabilities in software and SaaS services
Experience in source code review, preferably for Python, PHP and Go
Experience in scoping and performing manual application penetration testing
Experience in assessing the risk of identified vulnerabilities, and providing correct, robust and actionable recommendations to mitigate and/or resolve the vulnerabilities
Experience in understanding software vulnerabilities, in finding other instances of the vulnerability across codebases, and in identifying collateral/related vulnerabilities.
Experience in assessing the implemented resolution of a vulnerability for completeness and accuracy, and identifying bypasses for the implemented resolution
Experience in working collaboratively with software development teams to identify vulnerabilities in all stages of software development
Experience in communicating effectively with people of varying security proficiency and interest (fellow security professionals, engineering, and management)
The ability to coordinate and participate in wide-scale Software Incident Security Response exercises such as the log4j response, understanding and unpacking information as incidents unfold, and in working across the organization to deliver a comprehensive 'Identify, Resolve, Validate' solution
Basic programming experience in at least one language, preferably Python or Go, and experience in automating routine tasks such as searching source code and manipulating data.
The ability to perform source code review in new and unfamiliar languages using knowledge of security best practices and a willingness to read documentation
Solutions architecture review experience, and the ability to identify opportunities and vulnerabilities early in the specification and development of software
Threat modelling experience
Fuzzing experience
Experience using and integrating automated software security scanners such as SAST/DAST/SCA
An understanding of Infrastructure as Code and cloud platform security (preferably Azure and AWS)
An understanding of identity, authentication and authorization protocols including OAuth/OpenID Connect and SAML
Published examples of work such as original research, vulnerability advisories, conference talks, bug bounty writeups or CTF writeups
The ability to identify opportunities for process improvement, including automation and the authorship of software (scanners, fuzzers, helper utilities etc.)
Experience participating in and/or managing bug bounty programs
Experience with and/or a willingness to collaborate with other security functions such as compliance and policy, network/corporate security, security monitoring and incident response
Benefits
Equity, in the form of non-qualifying options
High-quality health benefits
Retirement Plan with employer match
Career-growth opportunities
Flexible Time Off and Paid Time Off benefits
Volunteer opportunities
Company
Barracuda
At Barracuda we strive to make the world a safer place.
H1B Sponsorship
Barracuda has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2023 (6)
2022 (12)
2021 (12)
2020 (11)
Funding
Current Stage
Late StageTotal Funding
$61MKey Investors
Menlo VenturesPalomar Ventures
2007-09-17Acquired
2005-10-17Series Unknown· $15M
2003-04-08Series C· $20M
Recent News
2024-04-24
2024-04-24
Company data provided by crunchbase