Onebrief · 2 months ago
Application Security Engineer
Onebrief is a collaboration and AI-powered workflow software company focused on military staff efficiency. The Application Security Engineer will be responsible for identifying and fixing security issues within the application and related infrastructure, while also mentoring other engineers on best security practices.
Information Technology · Military · Productivity Tools · Software
Responsibilities
Find Vulnerabilities in our Software: Bring an attacker’s mindset to review PRs, perform code audits, and utilize static analysis to identify vulnerable code patterns that can be exploited by adversaries. Use dynamic analysis, fuzzers and code reviews to find weaknesses in our codebase and work with developers to patch them.
Fix Vulnerabilities Across the Full Stack: Think like an adversary to find, fix, prevent or patch vulnerabilities from browser to kernel. Utilize vulnerability scanners to find unpatched components, and identify configuration errors that could expose our deployments to an attacker. Work with platform engineers to harden our customer environments and utilize best practices. Advise on network configuration, identity and access management and infrastructure security.
Improve the Security Posture of Infrastructure: Review identity and access management, logging, auditing and monitoring to help craft a layered defense for our corporate infrastructure and customer environments. Work with Cybersecurity analysts to help ensure compliance with corporate/Federal standards like SOC 2, NIST and FedRAMP Moderate/High.
Make the Team Stronger: Mentor other engineers on best security practices, share news of vulnerable libraries and compromises, and engage with the community on active threats and trends in exploit development, malware, etc. Work to improve processes to shift security “left” and identify vulnerabilities earlier in the design, development and deployment of our software.
Qualifications
Required
5+ years of experience in Application Security, Cybersecurity Engineering, Software Engineering or a related field, preferably with first-hand experience ensuring security in high-compliance environments like PCI DSS, HIPAA or NIST
U.S. citizenship required, security clearance greatly desired
A strong understanding of Linux, containerization and orchestration, and virtual machines
Networking fundamentals: core protocols and secure configurations
A deep understanding of incident response processes, with experience conducting thorough root cause analyses and driving continuous improvement
Clear, concise writing; strong documentation habits and async communication
Core skills and technologies: JavaScript/browser security, Network Security, Firewalls, Intrusion Detection, Static Analysis, Dynamic Analysis, Container Scanning, Kubernetes, Docker, Helm, Ansible, Terraform, Linux, AWS, DoD compliance, Monitoring and Observability tools
Preferred
Experience with compliance frameworks/processes (RMF, STIGs/SRGs, PCI DSS, HIPAA, ICD 503)
Security considerations/design for air-gapped environments
Active Security+ or another DoD 8570.01-approved security credential, or the ability to obtain the valid credentials within 3 months of employment
JavaScript Experience
Security+ Certification or other IAT Level II equivalent
CSSLP or CISSP
Familiarity with DoD Software Lifecycle, RMF/ATO, STIG
Pentesting / Red Team experience
Familiarity with web authentication/authorization technologies such as SSO, SAML, OIDC, JWT, etc.
Experience with Kubernetes and modern Cloud-Native deployment strategies
Company
Onebrief
Onebrief is a web-based military planning software for rapid decision-making and collaboration.
Funding
Current Stage: Growth Stage
Total Funding: $111.04M
Key Investors: Battery Ventures, Human Capital
2025-06-16 · Series C · $23.58M
2025-01-28 · Series C · $50M
2024-08-21 · Series B · $16M
Company data provided by Crunchbase