Senior Product Security Engineer | Application Security

Posted 20 Days Ago
Be an Early Applicant
Hiring Remotely in USA
Remote
Senior level
Big Data • Cloud • Security • Software • Cybersecurity
ExtraHop provides cybersecurity for hybrid and cloud businesses.
The Role
The Senior Product Security Engineer will lead efforts in securing software applications, conducting threat modeling, code reviews, and vulnerability assessments. Responsibilities include implementing security tools, managing pentesting programs, triaging vulnerabilities, and training staff on secure practices while participating in compliance efforts.
Summary Generated by Built In

At ExtraHop, we're on a mission to help organizations achieve complete visibility, real-time threat detection, and proactive security through cutting-edge network detection and response (NDR) technology. Our NDR product is a market leader, providing our customers with the ability to detect, investigate, and respond to threats faster than ever before.

We’re proud of the work we do and the recognition we’ve received, including our recent Gartner Peer Insights award, which reflects the trust and satisfaction our customers have in our solutions.

If you're passionate about innovation, dedicated to protecting digital infrastructures, and ready to make a real impact, we invite you to join our team and help us shape the future of cybersecurity.

 

Position Summary

Do you enjoy the challenge of securing complex systems? Want to be a part of a collaborative team that builds solutions that protect some of the biggest networks in the world? ExtraHop is seeking a Senior Product Security Engineer, experienced with modern software development practices to build and operate product security program capabilities, tools, and processes that allow us to keep pace with a rapidly changing security landscape, reduce security risk and enable organizational success.

We're looking for candidates with a mix of software development and application security experience, who enjoy working in a collaborative environment and taking direct action to identify, remediate and prevent vulnerabilities and security issues.

You must have experience with securing web applications, APIs and software systems, working with public cloud infrastructure, and be familiar with container technologies.


Key Responsibilities

  • Define standards for secure development and configuration of application and infrastructure components; and coordinate with other teams to ensure compliance with those standards
  • Perform threat modeling, security design reviews, code reviews, and security consultations with software and systems engineers
  • Implement, manage and improve vulnerability scanning tools (including SAST, DAST, SCA, and application fuzzing), configuration auditing and other security assessment tools
  • Build and improve vulnerability management processes and tooling to support system owners to successfully 
  • Conduct manual pen testing of new features + existing systems; lead red team exercises
  • Coordinate third party pentesting and bug bounty programs
  • Triage vulnerability findings, evaluate risk, recommend effective remediation actions
  • Develop and deliver training on secure development standards and process
  • Contribute to disaster recovery and contingency planning
  • Perform and/or lead security incident response activities
  • Participate in an on-call rotation with occasional after-hours paging to review carefully prioritized security detections
  • Support security compliance & certifications programs (e.g., FedRAMP, NIST SP800-53, NIST CSF, SOC 2, ISO, FIPS 140-2, etc.) by becoming familiar with control requirements, owning/operating specific controls, and helping other teams meet requirements 
  • Other duties as assigned


Required Qualifications

  • Bachelor’s degree or equivalent experience in computer science, engineering, or information technology
  • 8+ years of experience in security engineering, application security and software development
  • Experience securing cloud-based web applications, APIs, data; performing security design reviews, code reviews and threat modeling exercises
  • Knowledge of software security vulnerabilities and best practices for Golang, Typescript, Javascript, Python, C/C++, React
  • Solid knowledge of Git
  • Experience working with container-based environments (Kubernetes, Docker, LXC, etc.)
  • Experience with AWS cloud platform
  • Must be a U.S. citizen


Preferred Qualifications

  • Obtained applicable certifications for software security, web application penetration testing or equivalent
  • Experience securing a cloud service (i.e., software as a service (SaaS)) offerings and shippable software products
  • Experience with meeting FedRAMP, NIST SP 800-53 and similar compliance requirements
  • Experience with Google Cloud Platform (GCP) and Azure 
  • Experience deploying and maintaining systems using modern Orchestration and Infrastructure-as-Code technologies

The base salary for this position rages from 136,600 - 180,000 plus bonus + benefits


Note: employees, including fully remote staff, are expected to attend two in-person events every year. These events are typically held in our offices in downtown Seattle and run 4-5 days each.


ABOUT EXTRAHOP 

ExtraHop is the cybersecurity partner enterprises trust to reveal the unknown and unmask the attack. We’re on a mission to protect and propagate trust by revealing the cybertruth, and we partner with every customer, every day, to uncover it. Our Reveal(x) 360 platform is the only network detection and response solution delivering the 360-degree visibility needed to see everything on the network. When organizations have full network transparency with ExtraHop, they can see more, know more, and stop more cyberattacks.

ExtraHop is recognized by leading organizations for both its innovation in the market and its commitment to building a world-class team. We’ve been recognized as a “Customer’s Choice” by Gartner Peer Insights™ Voice of the Customer, and as a Leader in the Forrester Wave®: Network Analysis and Visibility, Q2 2023. ExtraHop has won AI Breakthrough Awards four times (2018-2020, 2023) and our Channel Partner program has received a 5-star rating from CRN for our 2023 Partner Program Guide. Our flagship product, Reveal(x), has received numerous accolades, including a 2022 Edison Award for Cybersecurity. 

Employees' wellbeing is top of mind for the ExtraHop team. Employees and their families will have the option to participate in the following benefits:

  • Health, Dental, and Vision Benefits
  • Flexible PTO, Sick Time Prorated Based on Date of Hire, and All Federal Holidays (US Only) + 3 Days of Paid Volunteer Time
  • Non-Commissioned Positions may be eligible to participate in the Annual Discretionary Bonus Plan
  • FSA and Dependent Care Accounts + EAP, where applicable
  • Educational Reimbursement
  • 401k with Employer Match or Pension where applicable
  • Pet Insurance (US Only)
  • Parental Leave (US Only)
  • Hybrid and Remote Work Model

*Candidates should note that the Company may modify reporting relationships, job titles and compensation, including commissions and benefits, from time to time at its sole discretion, as it deems necessary, with or without prior notice.

We are intentional about our culture, diversity, and inclusion, and we welcome everyone to come ready to participate in contributing to this truly unique environment. At ExtraHop, we believe that the best products, services, and companies are built by strong teams that include a diversity of backgrounds, perspectives, ideas, and experiences. We are committed to supporting and enabling growth and opportunity for every employee at every level. This is the foundation of our success. 

We are equally committed to equal employment opportunity, and it is foundational to how we recruit and hire our talented team. Employment is determined based upon capabilities and qualifications without discrimination on the basis of race, color, religion, sex, gender identification and expression, marital status, military status, pregnancy (including but not limited to potential pregnancy and pregnancy-related conditions), sexual orientation, age , national origin, ancestry, citizenship or immigration status, disability ,, genetic information, or any other protected class as established by law.
Our people are our most important competitive advantage, leading the charge cyber criminals and insider threats.

Ready to join us?   #Extrahop #Security #NDR #informationsecurity #cybersecurity #cloudsecurity #infosec #LI-Remote 

Top Skills

C/C++
Go
JavaScript
Python
Typescript
The Company
HQ: Seattle, WA
613 Employees
Hybrid Workplace
Year Founded: 2007

What We Do

ExtraHop secures the hybrid enterprise through network detection and response. ExtraHop provides cloud-native network detection and response for the hybrid enterprise. Our breakthrough approach analyzes all network interactions and applies cloud-scale machine learning for complete visibility, real-time detection, and intelligent response.

Why Work With Us

We are ExtraHoppers. We like what we do and the people we do it with. We don't just solve problems for our customers, we help them rise above the noise of threats, alerts, and corporate gridlock to realize true security and exceptional performance.

Gallery

Gallery

Similar Jobs

PagerDuty Logo PagerDuty

Senior Security Engineer 4, Product & Application Security

Artificial Intelligence • Cloud • Information Technology • Machine Learning • Software • Big Data Analytics • Automation
Easy Apply
Remote
Hybrid
USA
1200 Employees

Take-Two Interactive Software Logo Take-Two Interactive Software

Senior Product Security Engineer

Gaming • Information Technology • Mobile • Software
Remote
Texas, USA
6500 Employees

Toast Logo Toast

Product Security Engineer II

Cloud • Fintech • Food • Information Technology • Software • Hospitality
Remote
USA
5000 Employees
104K-166K Annually

Two Barrels LLC Logo Two Barrels LLC

Application Security Engineer

eCommerce • Legal Tech • Professional Services • Software • Data Privacy
Remote
Hybrid
Country Homes, WA, USA
950 Employees
175K-175K Annually

Similar Companies Hiring

Stepful Thumbnail
Software • Healthtech • Edtech • Artificial Intelligence
New York, New York
60 Employees
HERE Technologies Thumbnail
Software • Logistics • Internet of Things • Information Technology • Computer Vision • Automotive • Artificial Intelligence
Amsterdam, NL
6000 Employees
True Anomaly Thumbnail
Software • Machine Learning • Hardware • Defense • Artificial Intelligence • Aerospace
Colorado Springs, CO
131 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account