Staff Product Security Engineer

Staff Product Security Engineer

ABOUT EGNYTE

Egnyte is the secure multi-cloud platform for content security and governance that enables organizations to better protect and collaborate on their most valuable content. Established in 2008, Egnyte has democratized cloud content security for more than 22,000 organizations, helping customers improve data security, maintain compliance, prevent and detect ransomware threats, and boost employee productivity on any app, any cloud, anywhere. For more information, visit www.egnyte.com.

Security engineers at Egnyte are involved in every stage of the SDLC pipeline to highlight security vulnerabilities and provide expert advice on reducing them. By promoting security principles, ongoing penetration testing, and developing “paved roads,” we’re able to provide our customers with a secure and reliable product.

Currently, we’re seeking an engineer who’s well-rounded in terms of application security and has in-depth expertise in one or more particular areas. You’ll be able to apply your skills to interesting challenges—joining Egnyte is an opportunity to work with diverse technologies and large-scale software (1 million users, 20k transactions per second, 28 Petabytes of data). 

To excel at this role, you need to be passionate about DevSecOps, as it’s something we’re genuinely committed to at Egnyte. Knowledge about cloud platform security practices and interest in developing security tooling are important as well. You will have a chance to develop security-oriented tools and processes from conception to completion.

WHAT YOU’LL DO:

●       Partner with engineering and product teams providing expertise and advice regarding secure design, implementation, and best practices;

●       Conduct threat modeling, code and architecture reviews, and penetration testing for Web, Mobile, and Desktop apps.

●       Maintain high ownership, and embrace a proactive and constructive approach to effective problem-solving.

●       Identify opportunities for vulnerability remediation and mitigation

●       Develop tools, processes, techniques, and documentation to ensure the security of our software

●       Validate and assess issues reported through our bug bounty programs

●       Maintain consistently high communication, productivity, and teamwork standards across all teams.

●       Share knowledge, mentor and train other team members to foster a culture of excellence and security awareness in software engineering

YOUR QUALIFICATIONS:

●       5+ years of application security experience.

●       Proven experience in implementing Secure-SDLC

●       Ability to solve complex problems with simple, efficient, and clean solutions.

●       A clear vision of how to improve an application security program.

●       Hands-on experience conducting code and architecture security reviews, penetration tests, and thread modeling.

●       In-depth knowledge of OWASP guidelines & standards (ASVS, MASVS, WSTG, and related).

●       Ability to write and deploy your tools and automation.

●       Familiarity with concepts like identity, data protection, monitoring, and incident response in the cloud applications space.

●       Being a strong communicator who is comfortable working cross-functionally.

●       Strong sense of ownership and ability to long-term projects and initiatives.

●       Good command of English that allows you to effectively communicate and perform your tasks (B2/C1+)

BONUS SKILLS:

●       Leadership skills and experience.

●       Experience as a Software Engineer or Architect

●       Cloud experience (preferably in GCP and/or MS Azure)

BENEFITS:

●       Attractive salary package based on skill set

●       Company equity depending on role and level

●       Your own Egnyte account with lifetime access to 50 TB of cloud storage

●       MyBenefit: you can choose a MultiSport card or gift cards every month

●       Private medical healthcare

●       In-house English classes