Barracuda · 7 hours ago
Principal Application Security Engineer
Cloud Infrastructure · Enterprise Software
H1B Sponsor Likely
Responsibilities
Ensure the secure delivery of software from design through to implementation
Maintain awareness of software security trends, incidents, and best practices, and provide expert advice and guidance to engineering teams regarding secure development and vulnerability remediation.
Manage Barracuda’s bug bounty programs
Work collaboratively with the organization, including with Security, Compliance and Engineering, to understand and remediate computer and software security incidents
Evaluate new and emerging security technologies, features, and products.
Qualification
Required
7+ years of experience
A deep understanding of software security best practices and vulnerabilities, especially as they relate to web applications (e.g. OWASP Top 10)
Experience identifying vulnerabilities in software and SaaS services
Experience in source code review, preferably for Python, PHP and Go
Experience in scoping and performing manual application penetration testing
Experience in assessing the risk of identified vulnerabilities, and providing correct, robust and actionable recommendations to mitigate and/or resolve the vulnerabilities
Experience in understanding software vulnerabilities, in finding other instances of the vulnerability across codebases, and in identifying collateral/related vulnerabilities.
Experience in assessing the implemented resolution of a vulnerability for completeness and accuracy, and identifying bypasses for the implemented resolution
Experience in working collaboratively with software development teams to identify vulnerabilities in all stages of software development
Experience in communicating effectively with people of varying security proficiency and interest (fellow security professionals, engineering, and management)
The ability to coordinate and participate in wide-scale Software Incident Security Response exercises such as the log4j response, understanding and unpacking information as incidents unfold, and in working across the organization to deliver a comprehensive 'Identify, Resolve, Validate' solution
Basic programming experience in at least one language, preferably Python or Go, and experience in automating routine tasks such as searching source code and manipulating data.
The ability to perform source code review in new and unfamiliar languages using knowledge of security best practices and a willingness to read documentation
Solutions architecture review experience, and the ability to identify opportunities and vulnerabilities early in the specification and development of software
Threat modelling experience
Fuzzing experience
Experience using and integrating automated software security scanners such as SAST/DAST/SCA
An understanding of Infrastructure as Code and cloud platform security (preferably Azure and AWS)
An understanding of identity, authentication and authorization protocols including OAuth/OpenID Connect and SAML
Published examples of work such as original research, vulnerability advisories, conference talks, bug bounty writeups or CTF writeups
The ability to identify opportunities for process improvement, including automation and the authorship of software (scanners, fuzzers, helper utilities etc.)
Experience participating in and/or managing bug bounty programs
Experience with and/or a willingness to collaborate with other security functions such as compliance and policy, network/corporate security, security monitoring and incident response
Benefits
Equity, in the form of non-qualifying options
High-quality health benefits
Retirement Plan with employer match
Career-growth opportunities
Flexible Time Off and Paid Time Off benefits
Volunteer opportunities
Company
Barracuda
At Barracuda we strive to make the world a safer place.
H1B Sponsorship
Barracuda has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2023 (6)
2022 (12)
2021 (12)
2020 (11)
Funding
Current Stage: Late Stage
Total Funding: $61M
Key Investors: Menlo Ventures, Palomar Ventures
2007-09-17: Acquired
2005-10-17: Series Unknown · $15M
2003-04-08: Series C · $20M
Company data provided by Crunchbase