Product Security Engineer - Federal

Job Summary:

As an Product Security Engineer working in our Federal accounts, you will gain invaluable experience at a visionary identity security company. The position requires a passion for application security, solving both technical and organizational changes, with the ability to work in a challenging, distributed and Infrastructure-as-Code development environment, excellent communications skills, and attention to latest security best practices.

Responsibilities:

• Own multiple Security Engineering assignments working with Ping Identity products, processes, and tooling
• Assist in proposing, developing, and improving Secure Software Development Lifecycle (SSDLC) practices alongside global, high-performance product engineering teams
• Work with the product teams to perform security design/code reviews and vulnerability assessment and management in an agile environment
• Perform application security tasks including threat modeling, developer code reviews, consulting, static code analysis, dynamic runtime fuzzing, building custom tools, and automation and exploit development
• Assist the Federal presales, support and customer success teams responding to prospect, customer and field questions related to product and industry security
• Engage with third-party security consultants for independent security assessments, bug bounties and penetration testing of the product

Required Qualifications:

• Meet US citizenship and residency requirements for FedRAMP engagements
• 2+ years of application security in a mix of Enterprise Application Security, API Security, Web Application Security, and Mobile Application Security
• 3+ years of developing commercial software products
• Understanding of networking protocols and modern data center architecture
• Exceptional problem-solving skills, curious about the inner workings of systems and showing attention to details and documentation
• Excellent written and oral communication skills

Desired Qualifications:

• Experience in security and compliance for FedRAMP solutions: Understanding of NIST, DoD, and related security standards.
• Experience with Linux environments, administration, security, internals
• Experience with identity management (e.g. OAuth 2.0, OpenID Connect, SAML 2.0, Active Directory, 2FA/MFA, LDAP, SCIM, FAPI, OpenBanking)
• Experience with CI/CD in Federal or US government cloud deployment in Amazon AWS, AWS GovCloud, Azure or Google Cloud Platform
• Experience with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible.
• Experience in containerization with Docker or Podman.
• Experience in container management with Kubernetes and Helm.
• Experience in vulnerability management measurement, reporting and remediation
• Security certifications such as CISSP, CSSLP, GIAC, OSCP

Salary Range: $133,060-$175,000
In accordance with Colorado's Equal Pay for Equal Work Act (SB 19-085) the approximate compensation range for this role in Colorado is listed above. Final compensation for this role will be determined by various factors, such as knowledge, skills, and abilities.