Senior Application Security Engineer (work from home)

San Francisco, CA /
Security /
Full-time
Moogsoft is the creator of Moogsoft AIOps - a next generation approach to IT Operations and Analytics driven by real-time machine learning. Moogsoft AIOps helps Enterprises & Service Providers deliver consistently excellent customer experiences, regardless of the underlying complexity or dynamic nature of the supporting infrastructure. 

As part of the core security team tasked with looking after all things security for Moogsoft, and its primary appsec expert, you will have a deep understanding of the appsec domain, including state of the art security products/approaches and ongoing awareness of global threat trends.  

You will work closely with our Engineering and IT functions to ensure appropriate controls are in place and to ensure that security policies are being effectively employed. Responsible for running and growing the Threat & Vulnerability Management program. This role leads and coordinates stakeholder meetings with affected stakeholders as well as provides updates to management regarding scanning results and remediation plans.

You will...

    • Partner with our Engineering/Development teams to ensure all security best practices are established, enabled and enforced, including coding, deployment architecture and runtime defense
    • Establish full automated security checks in our build pipeline
    • Be responsible for the security of our runtime (public cloud) infrastructure
    • Have responsibility for the security of our remote workforce
    • Have responsibility for the security of the SaaS products we use ( Salesforce, G-Suite, etc.)
    • Handle security responses for RFPs and incoming questionnaires from prospects/customers (including the maintaining of a response management system ( rfpio, loopio, etc. )
    • Oversee our annual SOC2 re-attestation
    • Manage our bug bounty program
    • Operate our SIEM/UEBA platforms
    • Perform hands-on threat modeling, risk assessment, and web service security validation.
    • Develop significant security initiatives from inception to successful deployment
    • Research security topics and provide perspective on leading industry trends
    • Collaborate with other senior members of our staff to define our technical strategy 

You have...

    • BS in Computer Science or Engineering
    • 5+ years Appsec experience
    • Familiarity operating/running established security products ( Nessus, Twistlock, SIEMs, UEBAs, etc.)
    • Thorough understanding of controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security)
    • Must be well versed in OS function/security ( primarily Linux ), Network function/security, cloud function/security ( primarily AWS ) and container function/security (primarily Docker/Kubernetes)
    • Demonstrated understanding of applied cryptography (encryption, signing, certificates, algorithms) and enterprise key management
    • Strong experience with Application Security Testing (AST) including static/dynamic code analysis and composition
    • Familiarity with modern CI/CD pipelines
    • Experience with vulnerability scanners, vulnerability management systems, patch management and host-based security system
    • Familiarity with modern bug bounty programs 
    • Security certifications (e.g. CISSP, CISA) and Technical network certifications (e.g. CCNA, CCNP Security) are highly desirable
    • Experience with SOC2 highly desirable
    • Familiarity with infrastructure as code (IaC) highly desirable
    • Familiarity working with global ISAC systems

Moogsoft perks and benefits:

    • Flexible vacation and sick day policy
    • Competitive salary, 401(k) plan and equity to all employees
    • Attractive benefits package, including health and dental coverage
    • Pet insurance, preferred pricing
    • Opportunity for career development in a fast-paced, progressive company