Application Security Engineer - FedRAMP

About The Position

Requirements

• Bachelor's degree required; BS or MS in Computer Science, Information Technology, or a related field.
• 3+ years' experience in Application Security, with experience across SDLC activities such as threat modeling, secure code review, vulnerability management, and penetration testing.
• Knowledge of regulatory guidelines and standards such as FedRAMP, SOC2, ISO 27001 etc.
• Broad knowledge of web, application, and cloud attack vectors and exploits.
• Comprehension in multiple programming languages (Python, Go, Scala, C/C++, Javascript/Typescript).
• Working experience with CI/CD pipeline, containerization (Kubernetes, Docker, etc) and MicroServices.
• Working knowledge of at least one major public cloud provider (AWS, GCP, Azure).
• Understanding of application security maturity model frameworks and how to apply them.
• Foundational knowledge of deploying and securing SaaS applications and cloud environments.
• Team player, ability to establish priorities, deal with conflicts, work independently, proceed with objectives and can-do attitude.
• A self-starter with excellent critical thinking and problem solving skills.
• Strong written and verbal communication skills.

Responsibilities

• Integrate security controls and practices into Rubrik's secure SDLC and collaborate with Engineering to embed security into every phase of the development process.
• Perform security assessments of applications, identifying vulnerabilities and weaknesses through both automated and manual testing techniques.
• Carry out detailed analysis of identified vulnerabilities to ensure high fidelity findings are provided to Engineering teams.
• Assist in identifying and implementing frictionless 'shift-left' strategies to proactively prevent vulnerabilities earlier in the SDLC.
• Aid in the collection, management and reporting of key Application Security metrics to track progress and identify trends.
• Analyze and harden existing applications, automation, and deployment processes.
• Participate in security design reviews and threat modeling of proposed products and feature releases.
• Work with development teams, operations, governance, and other stakeholders to document security guidance, processes and standards for Rubrik products and services.
• Collaborate with compliance teams to ensure that Application Security strategies and services adhere to FedRAMP requirements.
• Participate in the annual audit process by providing documentation, evidence and expertise related to Rubrik's Application Security practices.

Benefits

• Bonus potential
• Equity
• Comprehensive benefits package