1Password is a rapidly growing company focused on building a secure digital future. They are seeking a Senior Engineer to join their Application Security team, responsible for developing and maturing their Vulnerability Management Program to ensure the highest standards of trust and safety for users.
Responsibilities:
- Design, build, integrate and scale new security solutions to power our vulnerability management program
- Develop and maintain tools that correlate, enrich, and prioritize security vulnerability findings from multiple data sources
- Develop and maintain comprehensive dashboards and reporting metrics around our vulnerability management program, tailored to different audiences (technical, non-technical, compliance, senior leadership, etc.)
- Conduct detailed analysis that helps security development teams eliminate classes of vulnerabilities
- Partner with product and development teams to improve vulnerability triage workflows, validate findings, and come up with remediation strategies consistent with good user experiences
- Contribute to the design of risk-scoring and SLA models that align with business priorities
- Mentor other engineers and help shape the evolution of our vulnerability management strategy
Requirements:
- You have 5+ years of career experience in IT or Engineering with a security focus
- You have a passion for and strong experience with any of: bug bounty programs, vulnerability research, validation, remediation or pentesting
- You have experience with internal tool development and engineering enablement
- You have a strong foundational understanding of software development principles, and are comfortable reading and writing code
- You work well in a team environment and communicate positively with a variety of technical and non-technical stakeholders
- You are comfortable owning and setting technical direction for small- to medium-sized initiatives
- You're adaptable and resilient, thriving in fast-paced environments with shifting priorities
- Experience with Rust and/or Golang, or a demonstrated ability to pick up new languages quickly
- Experience with popular compliance standards and certifications (e.g. SOC2, ISO, PCI)
- Experience building or maintaining vulnerability management programs in medium- to large-sized organizations