Senior Application Security Engineer
Who We Are
Ivanti is a global leader in IT systems and security management, service management, asset management, and mobility management and security solutions - helping organizations reduce risks and costs associated with managing their IT environment.
Ivanti is experiencing significant growth worldwide. The company has received numerous awards for being a Top Place to Work, as well as many accolades for the products it develops. Our customer focus strategy is driven by the company's core values, including innovation, accountability, teamwork, and trust, it's an exciting time to join Ivanti.
Looking for more than just a job? We like developing our people just as much as we like developing great products and services
If you're passionate about what you do, are a champion of customer satisfaction and success, and interested in developing solutions that make a difference and in having fun while doing it, Ivanti is the place for you!
What We Do
- Empower users to seamlessly and securely connect from any place in the world that offers air, water and... Internet!
- Equip organizations with the right tools to configure access, manage and enforce compliance with a holistic view on network, users and usage.
- Empower organizations to continue to breathe easy, now with an added sense of invincibility.
- Work hard so that you can focus on the things you want to!
What we are looking for:
A Senior Application Security Engineer to work with developers to refine security checkpoints in the development cycle that are based industry accepted security standards and represent Security platform within the various stages of SDLC.
What you will be doing:
- Develop a broad and deep technical understanding of products, services and architectures.
- Leverage this understanding to conduct architecture reviews, threat modelling and code reviews on web applications, mobile applications and other relevant services.
- Interpret security tools and penetration testing results to stakeholders, providing advice on vulnerability remediation and risk mitigation.
- Create relevant documentation and metrics to your stakeholders and business leaders and deliver these in a clear, concise manner.
- Research and maintain proficiency in attacker Tools, Techniques, Procedures and other security topics.
- Propose and develop training materials to help raise the security bar across the organization.
- Develop innovative and scalable tools, solutions, and processes to enhance product security operations
Who you are
- Innate curiosity and ability to learn. Individuals should be confident in picking up new technologies and pivoting when the role requires, given the fast-paced agile development environment we support.
- Critical thinking and troubleshooting are paramount. Practical, creative solutions to difficult problems are key.
- Passion for security. We're looking for people who genuinely care about working to create a secure product with modern, agile facing practices.
You are the ideal candidate if you have
- B.S. Computer Science or similar combination of education and experience
- Deep software development experience (Java, iOS and Android APIs, Web, Python)
- Good communication skills
- Have an excellent working knowledge and ability to educate others on common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF
- Have experience in web, database, information and/or infrastructure security
- Know and love learning about the latest security tools, infrastructure, and industry best practices
- Enjoy working across and being a resource for other engineers and sharing your knowledge of secure coding practices
- Experience in authentication and authorization: SAML, OAuth, LDAP, AD, etc
- Sound understanding of app security vulnerabilities, defense techniques and security best practices, including language-specific security measures and present-day threats
- Deep security subject matter expertise in at least one major public cloud provider (AWS, GCP, Azure)
- Experience with deploying and securing SaaS applications and cloud environments at scale
- Working experience with CI/CD pipeline, containerization (Kubernetes, Docker, etc) and MicroServices
- Coordinating bug bounty (VRP) programs and assisting with remediation
Ivanti provides a supportive environment for motivated individuals looking to grow their careers and realize high earnings potential. Join a challenging, technology focused environment, earn a competitive salary and benefits package, receive the training you need to stay ahead of the curve, and work in a casual, smart, and fast-paced organization.
External Recruiting Agencies/Vendors: Ivanti does not currently engage with external recruiting agencies and will not accept unsolicited resumes from any external agency. Unsolicited resumes submitted by agencies to Ivanti will become the property of Ivanti and may be contacted and engaged with directly. Ivanti maintains a preferred vendor list and only engages with these agencies from time to time. Ivanti has not agreed to pay placement or any other fee to companies who have not been specifically retained to conduct a candidate search.
Individuals seeking employment at Ivanti are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.