This position will be responsible for regular code reviews, improving the secure development and testing procedures, investigating reported product vulnerabilities and prioritizing remediation or mitigation efforts.
-Threat Modelling – work with the development teams to ensure that threat modelling is performed for all product updates and enhancements
-Incorporate automated and manual security testing (SAST/DAST/SCA/fuzz testing) into all product pipelines. Perform manual penetration testing using advanced tools
-Participate in the Product Security Incident Response effort for all One Identity products. Assess reported or discovered vulnerabilities and prioritize remediation.
-Develop and/or improve, maintain, and monitor Secure Build infrastructure to ensure the security and integrity of application code delivered to customers
-Work with development teams, and provide training to Security Champions and other R&D personnel to continue to shift security left
-Maintain knowledge of application security related vulnerabilities, including cryptographic implementations and mitigation strategies
-CISSP or equivalent
-Experience with security testing tools.
-Experience securing cloud applications and infrastructure, particularly in Azure
-Extensive knowledge of cryptographic algorithms and key management practices
-Deep knowledge of OWASP Top 10, CWE Top 25, common programming errors, and the ability to assist developers in preventing or correcting them
-Able to gain trust from and communicate effectively with deeply technical software development engineers
-Written and spoken fluency in English
-CEH, OSCP, GPEN, CompTIA Pen-Test+ or equivalent certification
-Deep experience with Coverity/Polaris, Whitesource, Acunetix, and numerous manual testing tools such as Burp Suite, Wireshark, SQLMap, NMAP, Metasploit, sandboxing tools, etc
-Experience integrating security into an Agile environment
-Ability to author and/or critique procedures, white papers, security guides
The ideal candidate is a highly-motivated individual who can work as part of a team or independently as required by the circumstances. Must have a strong interest and background in secure coding techniques, as well as the abilitiy to assess and appropriately prioritize security vulnerabilities. Deep experience using security testing tools and frameworks.
One Identity enables organizations of all sizes to better secure, manage, monitor, protect, and analyze information and infrastructure to help fuel innovation and drive their businesses forward. With team members around the globe, we intend to continue to grow revenues and add value to customers.
When you join our team, you will have the opportunity to build and develop products at a scale few others can provide. Our product portfolio serves a large base of customers and we are addressing the strategic imperatives for enterprise businesses. Working with some of the most talented employees the industry has to offer, we provide enhanced career opportunities for team members to learn and grow in a rapidly changing environment.
Why work with us?
- Life at One Identity means collaborating with dedicated professionals with a passion for technology.
- When we see something that could be improved, we get to work inventing the solution.
- Our people demonstrate our winning culture through positive and meaningful relationships.
- We invest in our people and offer a series of programs that enables them to pursue a career that fulfills their potential.
- Our team members’ health and wellness is our priority as well as rewarding them for their hard work.
One Identity is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: One Identity is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at One Identity are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. One Identity will not tolerate discrimination or harassment based on any of these characteristics. One Identity encourages applicants of all ages.
Job seekers should be aware of fraudulent job offers from online scammers and only apply to roles listed on quest.com/careers using our applicant system. Note: We do not use text messaging or third-party messaging apps like Telegram to communicate with applicants, so please exercise caution if you are approached in this way and only interact with people claiming to be Quest or One Identity employees if they have an email address ending in @quest.com or @oneidentity.com