Product Security Engineer

ABOUT EGNYTE

Egnyte is the secure multi-cloud platform for content security and governance that enables organizations to better protect and collaborate on their most valuable content. Established in 2008, Egnyte has democratized cloud content security for more than 22,000 organizations, helping customers improve data security, maintain compliance, prevent and detect ransomware threats, and boost employee productivity on any app, any cloud, anywhere. For more information, visit www.egnyte.com.

Currently, we’re seeking an engineer who’s well-rounded in terms of application security and has in-depth expertise in application security, security architecture and/or penetration testing. Joining Egnyte, you will be able to apply your skills to interesting challenges, work with diverse technologies, and large-scale software.

Product Security engineers at Egnyte are involved in every stage of the SDLC to highlight security concerns and provide expert advice on addressing them. By promoting security principles, ongoing penetration testing, and developing “paved roads,” we’re able to provide our customers with a secure and reliable product.

To excel at this role, you need to be passionate about DevSecOps, as it’s something we’re genuinely committed to at Egnyte. Knowledge about cloud platform security practices and interest in developing security tooling are important as well. You will have a chance to develop security-oriented tools and processes from conception to completion. 

WHAT YOU’LL DO: 

• Partner with engineering and product teams, providing expertise and advice regarding secure design, implementation, and best practices. 

• Responsible for threat modeling, security reviews, and penetration testing of web, mobile, and desktop applications, identifying vulnerabilities and seeking effective remediation opportunities.

• Maintain high ownership, embrace a proactive and constructive approach for effective problem-solving.

• Integrate security into the Software Development Life Cycle.

• Validate and assess issues reported through our bug bounty programs. 

• Develop tools, documentation, processes, and techniques to ensure the security of our software.

• Maintain consistently high standards of communication, productivity, and teamwork across all teams.

• Share knowledge, mentor and train other team members to foster a culture of excellence and security awareness in software engineering.

YOUR QUALIFICATIONS:

• 3+ years of application security experience, DevSecOPS/Automation background preferred

• Proven experience in implementing Secure-SDLC 

• Hands-on experience in conducting code and architecture security reviews, penetration tests and thread modeling

• In-depth knowledge of OWASP guidelines & standards (ASVS, MASVS, WSTG, and related)

• Solid knowledge of security testing tools and techniques

• Familiarity with concepts like Identity, Data protection, Monitoring, and IR in the cloud services space

• Ability to create and deploy your own tools and automation (preferably in Python)

• Being a strong communicator who is comfortable working cross-functionally.

• Strong sense of ownership and ability to work in long-term projects and initiatives.

• English level: C1

BONUS SKILLS:

• Experience as a Software Engineer or Architect (preferably in Java, Go or Python)

• AI Security experience

• Cloud security experience (preferably in GCP and/or MS Azure)

BENEFITS:

• Attractive salary package based on skillset

• Your own Egnyte account with lifetime access to 50TB of cloud storage

• MyBenefit: you can choose a MultiSport card or gift cards every month

• Modern Health platform access - dedicated tool for mental health services

• Private medical healthcare

• In-house English classes