ExtraHop
Senior Product Security Engineer with experience in modern software development practices and securing web applications, APIs, and software systems.
Upwork
Design and build Upwork's Agentic platform using Java, Vue.js, Nuxt.js, AWS, Docker, and microservices. Collaborate with teams to create an outstanding user experience for millions of users.
Upwork
Design and build Upwork's Agentic platform using Java, Vue.js, Nuxt.js, AWS, Docker, and microservices. Collaborate with cross-functional teams to create high-performing user experiences for millions of users worldwide.
Mercury
Work on the most critical touchpoints in our product — between our users and the lifeblood of their business. Collaborate with designers and product leaders to deliver lovable experiences around card issuing and management. Build infrastructure ensuring reliable and secure operations with partner banks.
Monarch Money
Design Engineer at Monarch: Create polished user experiences across desktop and mobile platforms
Rackspace
Cloud Engineer for Rackspace Technology, supporting Site Reliability, DevOps Infrastructure on Google Cloud, with a focus on large-scale GCP employments and migrations.
Consensys
Develop innovative features for MetaMask Card and integrate crypto with traditional payment systems.
Binance
Senior QA Engineer (Cloud) job at Binance: Develop high-quality cloud-based products with a talented team.
Apollo.io
Provide world-class customer support for Apollo.io, assist users with product questions, and contribute to improving the product and user experience.
Scribd
Lead Scribd's MarTech initiatives by developing strategies that enhance customer engagement and drive data-driven decisions. Collaborate across teams to integrate tools and ensure compliance with privacy regulations.
MariaDB plc
Senior Server Database Engineer at MariaDB: Contribute to open-source database innovation, optimize performance, scalability & reliability.
Postman
Senior Full Stack Engineer for remote EMEA team at Postman
Postman
Senior Full Stack Engineer for API Network team at Postman
Collabora
Enhance open-source software like LibreOffice by fixing document issues, presenting at conferences, and collaborating with a global team. Use C++17 and contribute to the Open Source community while working remotely or traveling globally.
Aircall
Senior Software Engineer for Authentication team at Aircall, using NodeJS & Typescripts back-end stacks on AWS
The Athletic Media Company
Full-stack software engineer for The Athletic in Australia, with experience in Javascript, React, Apollo, and AWS.
Whatnot
Senior Frontend Engineer - Growth at Whatnot: Expand new user funnel, build incentivized buyer growth strategy, drive top-line metrics
CaptivateIQ
Senior Fullstack Software Engineer at CaptivateIQ - design & build data platform functionality
Welocalize
Senior Fullstack Software Engineer for global software development team, developing back-end solutions with NodeJS and front-end solutions with VueJS or React.
Kueski
Join Kueski as a Senior Fullstack Software Engineer and contribute to innovative financial services, with flexible remote work options and equity in a fast-growing company.
ExtraHop
ExtraHop is seeking a Senior Product Security Engineer with experience in modern software development practices to build and operate product security program capabilities, tools, and processes. The ideal candidate will have a mix of software development and application security experience, enjoy working in a collaborative environment, and be familiar with securing web applications, APIs, and software systems. Key responsibilities include defining standards for secure development, performing threat modeling, and implementing vulnerability scanning tools. The position requires 8+ years of experience in security engineering, application security, and software development, as well as knowledge of cloud-based technologies such as AWS and container environments like Kubernetes and Docker. ExtraHop offers a competitive salary range of $136,600 - $180,000 per year, plus bonus and benefits.
Position Summary
Do you enjoy the challenge of securing complex systems? Want to be a part of a collaborative team that builds solutions that protect some of the biggest networks in the world? ExtraHop is seeking a Senior Product Security Engineer, experienced with modern software development practices to build and operate product security program capabilities, tools, and processes that allow us to keep pace with a rapidly changing security landscape, reduce security risk and enable organizational success.
We're looking for candidates with a mix of software development and application security experience, who enjoy working in a collaborative environment and taking direct action to identify, remediate and prevent vulnerabilities and security issues.
You must have experience with securing web applications, APIs and software systems, working with public cloud infrastructure, and be familiar with container technologies.
Key Responsibilities
Define standards for secure development and configuration of application and infrastructure components; and coordinate with other teams to ensure compliance with those standards
Perform threat modeling, security design reviews, code reviews, and security consultations with software and systems engineers
Implement, manage and improve vulnerability scanning tools (including SAST, DAST, SCA, and application fuzzing), configuration auditing and other security assessment tools
Build and improve vulnerability management processes and tooling to support system owners to successfully
Conduct manual pen testing of new features + existing systems; lead red team exercises
Coordinate third party pentesting and bug bounty programs
Triage vulnerability findings, evaluate risk, recommend effective remediation actions
Develop and deliver training on secure development standards and process
Contribute to disaster recovery and contingency planning
Perform and/or lead security incident response activities
Participate in an on-call rotation with occasional after-hours paging to review carefully prioritized security detections
Support security compliance & certifications programs (e.g., FedRAMP, NIST SP800-53, NIST CSF, SOC 2, ISO, FIPS 140-2, etc.) by becoming familiar with control requirements, owning/operating specific controls, and helping other teams meet requirements
Other duties as assigned
Required Qualifications
Bachelor’s degree or equivalent experience in computer science, engineering, or information technology
8+ years of experience in security engineering, application security and software development
Experience securing cloud-based web applications, APIs, data; performing security design reviews, code reviews and threat modeling exercises
Knowledge of software security vulnerabilities and best practices for Golang, Typescript, Javascript, Python, C/C++, React
Solid knowledge of Git
Experience working with container-based environments (Kubernetes, Docker, LXC, etc.)
Experience with AWS cloud platform
Must be a U.S. citizen
Preferred Qualifications
Obtained applicable certifications for software security, web application penetration testing or equivalent
Experience securing a cloud service (i.e., software as a service (SaaS)) offerings and shippable software products
Experience with meeting FedRAMP, NIST SP 800-53 and similar compliance requirements
Experience with Google Cloud Platform (GCP) and Azure
Experience deploying and maintaining systems using modern Orchestration and Infrastructure-as-Code technologies
The base salary for this position rages from 136,600 - 180,000 plus bonus + benefits
Note: employees, including fully remote staff, are expected to attend two in-person events every year. These events are typically held in our offices in downtown Seattle and run 4-5 days each.
