Senior Application Security Engineer - FedRAMP

May 2

🏢 In-office - Bay Area


Rubrik, Inc.

As the pioneer in Zero Trust Data Security™, we enable cyber and operational resilience for enterprises and governments.

Ransomware Recovery • Cloud Data Management • Cyber Resiliency Solutions • Backup and Recovery • Ransomware Detection

1001 - 5000

Description

• Actively participate in integrating security controls and practices into the SDLC and collaborate with Engineering to embed security into every phase of the development process.
• Perform security assessments of applications, identifying vulnerabilities and weaknesses through both automated and manual testing techniques.
• Remediate security issues identified during assessments and collaborate with Engineering teams to implement effective fixes and countermeasures.
• Design and implement in-house security tools that will enhance security detection capabilities to provide our Engineering partners with high-fidelity findings and actionable insights.
• Monitor emerging trends and developments in the application security space, including tools, technologies and best practices to guard against emerging threats and vulnerabilities.
• Collaborate with compliance teams to ensure that application security practices adhere to FedRAMP requirements and, where necessary, implement the controls, documentation and processes needed to maintain compliance.
• Participate in the annual audit process by providing documentation, evidence and expertise related to Rubrik’s application security practices.
• Work with development teams, operations, governance, and other stakeholders to document security guidance, processes and standards for Rubrik products and services.
• Coordinate penetration testing / bug bounty programs and support the remediation effort.

Requirements

• Bachelor’s degree required; BS or MS in Computer Science, Information Technology, or a related field
• 8+ years’ experience in application security, with experience across SDLC activities such as threat modeling, secure code review, vulnerability management, and penetration testing
• Prior experience working in environments with NIST 800-53, NIST 800-171 controls or FedRAMP requirements
• Knowledge of regulatory guidelines and standards such as FedRAMP, SOC2, ISO 27001
• Broad knowledge of web, application, and cloud attack vectors and exploits
• Comprehension in multiple programming languages (Python, Go, Scala, C/C++, JavaScript/TypeScript)
• Experience with Bazel or similar build systems for secure build processes and dependency management in application development
• Working experience with CI/CD pipelines, containerization (Kubernetes, Docker, etc.) and microservices
• Experience with deploying and securing SaaS applications and cloud environments at scale
• Deep security subject matter expertise in at least one major public cloud provider (AWS, GCP, Azure)
• Understanding of application security maturity model frameworks and how to apply them
• Team player, ability to establish priorities, deal with conflicts, work independently, proceed with objectives and can-do attitude
• Ability to lead, guide and manage Application Security services, deliver on security outcomes and achieve objectives
• A self-starter with excellent critical thinking and problem-solving skills
• Strong written and verbal communication skills

Benefits

• The minimum and maximum base salaries for this role are posted below; additionally, the role is eligible for bonus potential, equity and benefits. The range displayed reflects the minimum and maximum target for new hire salaries for the role based on U.S. location. Within the range, the salary offered will be determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
• US Pay Range - $154,800 - $258,000 USD
• US (SF Bay Area, DC Metro, NYC) Pay Range - $172,000 - $258,000 USD
• US2 (all other US offices/remote) Pay Range - $154,800 - $232,200 USD
