Product Security Engineer

We’re looking for a hands-on Security Engineer to join our growing Product Security team.

The opportunity:

Security engineers at Egnyte are involved in every stage of the SDLC pipeline to highlight security vulnerabilities and provide expert advice on reducing them. By promoting security principles, ongoing penetration testing, and developing “paved roads,” we’re able to provide our customers with a secure and reliable product.

Currently, we’re seeking an engineer who’s well-rounded in terms of application security and has in-depth expertise in one or more particular areas. You’ll be able to apply your skills to interesting challenges—joining Egnyte is an opportunity to work with diverse technologies and large-scale software (1 million users, 20k transactions per second, 28 Petabytes of data). Working closely with more senior security engineers will enable you to develop your expertise in the wide range of areas of your choosing.

To excel at this role, you need to be passionate about DevSecOps, as it’s something we’re genuinely committed to at Egnyte. Knowledge about cloud platform security practices and interest in developing security tooling are important as well. You will have a chance to develop security-oriented tools and processes from conception to completion.

Your day-to-day at Egnyte:

• Work with engineering teams providing expertise and advice regarding secure architecture, design, and implementation
• Develop reliable and scalable security-oriented tools
• Develop / Integrate security into the Software Development Life Cycle
• Perform black box and white box applications security assessments
• Reproduce, score, and further analyze issues reported through our bug bounty programs
• Identify opportunities for vulnerability remediation and mitigation
• Develop tools, documentation, processes, and techniques to ensure the security of our software
• Partner with engineering teams in the design phase of new products and features to conduct threat modeling, plus security architecture, design, and code reviews
• Share your experience with junior engineers to foster a culture of excellence

What skills are we looking for?

• 3+ years of application security experience, DevSecOPS/Automation background preferred
• Experience with securing software development lifecycle (SDLC) including manual and automated application security testing 
• Hands-on experience performing secure code review and architecture design reviews
• Understanding of OAuth/OIDC implementation
• In-depth knowledge of OWASP guidelines: Application Security Verification Standard (ASVS), Mobile Application Security Verification Standard (MASVS), Web Security Testing Guide (WSTG), Mobile Application Security Testing Guide (MASTG), TOP 10
• Solid knowledge of security testing tools and techniques
• Being able to learn and find bugs in any language, specifically Java, JavaScript, Go, and Python
• Familiarity with concepts like Identity, Data protection, Monitoring, and IR in the cloud services space
• Ability to create and deploy your own tools and automation (preferably in Python)
• Being a strong communicator who is comfortable working cross-functionally, with a track record of delivering results and demonstrating strong ownership.
• English level: C1

Bonus Points:

• Experience as a hands-on developer in Java, Python, or JavaScript.
• Experience configuring CI/CD pipelines (e.g., GitLab CI, Jenkins)
• Experience with security assurance for desktop and mobile applications.
• Experience running penetration testing against cloud-native applications