Middle Application Security Engineer (Remote)
  • Ukraine
  • PandaDoc
1 year before
31.01.2024
Securely Provision
Systems Development
Job Description

We are looking for people that believe in the PandaDoc culture and are ready to develop secure, reliable, and scalable product solutions within our fast-growing business.

Are you adaptable, driven, and friendly? Do you thrive in a fast-paced work environment where collaboration is the norm? If the answer is yes, then you’re a Panda and we want you to join our team.

About The Team

PandaDoc is looking for talented application security engineers focused on security initiatives that protect the security and privacy of the customers. Our goal is to ensure cyber resilience of PandaDoc products by preparing for, responding to, and recovering from cyber threats. Join us and help make life hard for the bad guys.

In This Role, You Will

• Participate in application security reviews and threat modelling, including code review (Java, Python, JavaScript) and dynamic testing
• Assist in development of automated security testing to validate that secure coding best practices are being used
• Advise product and development teams in the area of application security
• Own and perform application security vulnerability management
• Establish security training for developers
• Participate in red teaming activities
• Support the bug bounty program

About You

• Understanding of DevSecOps methodology, familiarity with common security libraries, security controls, and common security flaws.
• Experience with OWASP, static/dynamic analysis, and common security tools.
• Ability to explain vulnerabilities to relevant stakeholders and discuss ways to remediate them.
• Experience identifying security issues through code review.
• Experience working with developers.
• Solid interpersonal, written and verbal communication skills
• Intermediate English level (B1+)

Benefits

• An honest, open culture that emphasizes feedback and promotes professional and personal development
• An opportunity to work from anywhere — our team is distributed worldwide, from Lisbon to Manila, from Florida to California
• 6 self care days
• A competitive salary
• And much more!

Company Culture

We're known for our work-life balance, kind co-workers, & creative virtual team-bonding events. And although our Pandas are located across the globe, we stay connected with the help of technology and ensure that everyone on our team feels, well, like a team.

Pandas work best when they're happy. We retain our talent by upholding our values of integrity & transparency, and selling a product that changes the lives of our customers.

Check out our LinkedIn to learn more.

PandaDoc is an Equal Opportunity Employer. We are committed to equal treatment of all employees without regard to race, national origin, religion, gender, age, sexual orientation, veteran status, physical or mental disability or other basis protected by law.

EXTERNAL RECRUITERS

Approval Requirement

The use of external recruiters/staffing agencies requires prior approval from our HR Team. The HR Team at PandaDoc requests that external recruiters/staffing agencies not contact PandaDoc employees directly in an attempt to present candidates. Complying with this request will be a factor in determining future professional relationships with PandaDoc.



Required Knowledge
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • K0045   Knowledge of information security systems engineering principles (NIST SP 800-160).
  • K0082   Knowledge of software engineering.
  • K0091   Knowledge of systems testing and evaluation methods.
  • K0102   Knowledge of the systems engineering process.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0276   Knowledge of security management.
  • K0336   Knowledge of access authentication methods.

Required Skills
  • S0001   Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • S0023   Skill in designing security controls based on cybersecurity principles and tenets.
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • S0097   Skill in applying security controls.

Required Abilities
  • A0001  Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • A0015  Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
  • A0049  Ability to apply secure system design tools, methods and techniques.
  • A0050  Ability to apply system design tools, methods, and techniques, including automated systems analysis and design tools.
  • A0056  Ability to ensure security practices are followed throughout the acquisition process.
  • A0074  Ability to collaborate effectively with others.
  • A0119  Ability to understand the basic concepts and issues related to cyber and its organizational impact.
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).