Software Security Engineer

Watertown, MA
Engineering – Software Engineering
Full-time
At Markforged, we are on a mission to unlock the next 10x of innovation in design and manufacturing. We build an Industrial 3D Printing Platform to liberate designers and engineers from decades-old, slow part creation processes. NASA, Google, Ford, Amazon, Siemens and thousands of companies in 50 countries use Markforged to print same-day prototypes and produce stronger end-use parts than they did before. With Markforged, customers are able to ship 50X faster, spend 20X less, and build products that are 23X stronger.

As a Security Engineer in a fast-paced software engineering team at Markforged, you will be a strong and independent team member passionate about securing cloud and IoT environments. You have demonstrable experience developing a secure software development lifecycle, building vulnerability management programs, and implementing security incident and event management systems. In this role you will also be a part of Markforged’s cross-functional security team spanning IT security, risk and compliance, and application security.

We refuse to compromise on security while maintaining speed and agility in our development processes. You will have the opportunity to do interdisciplinary work on physical systems and learn from best-of-the-best engineers across material science, mechanical, electrical, and software. In this role, you will have a superb opportunity to implement and maintain secure, highly effective, reliable, and innovative technologies.

In this role you will:

    • Perform security assessments and identify risks in Markforged’s software, APIs, and IoT hardware
    • Track, validate, and remediate issues detected during security assessments
    • Design and implement a vulnerability management program
    • Develop technical solutions to mitigate security threats, vulnerabilities, and risks
    • Manage the implementation of a SIEM tool and automated security alerting
    • Contribute security feedback to engineers during all phases of the development lifecycle
    • Maintain and create secure development practices and programs for our engineering teams
    • Develop an incident response workflow for managing actionable security alerts

What we look for:

    • 5+ years of experience securing web applications, IoT devices, and cloud infrastructure
    • Background in software engineering and common development practices in a collaborative and dynamic startup environment
    • Deep understanding of web application architecture and design principles
    • Knowledge of internet security issues in software design and code
    • Experience in writing understandable, testable, secure code with an eye towards maintainability
    • Experience implementing and managing vulnerability scanning tools, web application firewalls, and SIEM platforms
    • Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.
    • Knowledge of how to test code and applications across various platforms (iOS, Mac, Linux, Windows, Android, etc.) for security and quality
    • Experience with audits and certifications such as ISO27001, SOC2, and FedRAMP
    • Experience with Splunk, Qualys, Nessus, AWS, JavaScript, Node.js, and Postgres is a plus

Markforged values the differences among our employees and provides equal employment opportunities to all employees and applicants for employment. These differences include but are not limited to race, color, ancestry, national origin, gender, sexual orientation, marital status, religion, age, disability, gender identity, results of genetic testing, or service in the military. This goal emphasizes the development of inclusive work environments that capitalize on each employee’s skills, experience, and unique perspectives as we strive to achieve an unparalleled standard of excellence.

To all recruitment agencies: Markforged does not accept agency resumes. Please do not forward resumes to our jobs alias or Markforged employees. Markforged is not responsible for any fees related to unsolicited resumes.