Collaborating closely with product and development team members during the software development lifecycle to identify security risks.
Identifying vulnerabilities introduced during product development early and precisely.
Deploying, tuning, triaging, and reviewing output produced by static code analysis (SAST), dependency scanning (SCA), dynamic scanning (DAST), and other application security tools.
Deploying tooling into the SDLC environment and CI/CD pipelines.
Holding team members accountable to timelines for mitigating identified application security risks and enforcing established SLAs.
Facilitating application security reviews and threat modeling exercises.
Educating and enabling Engineering teams to self-serve.
Engaging with third-party penetration testing organizations to facilitate effective security tests against Weave and its products.
Optimizing the application security review process to keep pace with fast product development at Weave.
Red teaming the organization: turning over rocks to identify untreated application security risks.
Providing training to Weave’s development team members to build confidence in secure development practices.
Enhancing the awareness of good security practices throughout the organization.
Giving demos and talks to engineering and non-technical staff.
Being a subject matter expert for team members to lean on for advice and guidance.
Working closely with designers and engineers to deliver secure experiences to our customers.
Defining measurable outcomes and maintaining focus on those outcomes throughout the execution of the security roadmap.
Requirements
2+ years experience as a full-time security researcher and/or application security engineer.
Willingness to responsibly explore Weave systems to help identify meaningful, exploitable risks.
Experience assessing the security configuration and hardening of systems, databases, network devices, applications, and processes used within an organization.
Ability to write code to test for vulnerabilities in code produced by Weave and in systems operated by Weave.
Strong integrity, so as not to compromise the trust of Weave customers.
Ability to perform security assessments, penetration tests, and vulnerability scans on Weave systems in order to identify, assess, prioritize, remediate, and monitor security issues.
Experience working with security operations analysts to more effectively identify malicious activity.
Knowledge of effective threat modeling techniques.
Knowledge of and experience with setting up, configuring, running, triaging, and tuning static code analysis, dependency code scanning, and dynamic code scanning tools.
Strong understanding of AWS and GCP and their core services.
Have a strong working knowledge of Linux, Windows, and other common computer technologies.
Understanding of good security practices.
Strong, effective written and verbal communication skills.