Information Security Engineer (Application Security)
Come Join Our Passionate Team! At Barracuda, we make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level.
We know a diverse workforce adds to our collective value and strength as an organization. Barracuda Networks is proud to be an employer that complies with all applicable national, state and local laws pertaining to nondiscrimination and equal opportunity regardless of race, gender, religion, sex, sexual orientation, national origin, or disability.
Envision yourself at Barracuda
We are seeking a highly motivated and detail-oriented Information Security Engineer to join
our team. The successful candidate will have a strong background in information security, with
at least 2 years of experience in the field. They will be responsible for supporting the
organization's security posture by performing the work of an information security engineer,
including conducting vulnerability assessments and penetration testing, developing and
implementing security policies and procedures, and collaborating with cross-functional teams
to ensure the organization's security is robust and effective. The ideal candidate will have a
deep understanding of security principles, technologies, and industry best practices, as well
as experience working with public cloud infrastructure such as AWS and Azure Cloud.
Additionally, they will be responsible for onboarding and implementation of GRC tools, responding to security events and incidents, and participating in threat hunting activities. This is a security generalist role with opportunities to branch into more specialized disciplines within Information Security and Cybersecurity.
What you’ll be working on
- Support application security activities across the SDLC, including design, development, testing, release, and post-release review.
- Work with Engineering and Security teams to identify, document, and track application security risks, including issues related to insecure design, weak access control, exposed secrets, vulnerable components, misconfigurations, and other common software risks.
- Assist with reviewing application security findings, understanding risk context, coordinating with owners, and tracking remediation or accepted exceptions through closure.
- Support basic threat modeling activities by helping identify application assets, data flows, trust boundaries, misuse scenarios, and potential security requirements.
- Help promote awareness of common application security vulnerabilities, including OWASP Top 10 risks, secure coding principles, authentication and authorization concerns, input validation, data protection, and secure configuration.
- Maintain clear documentation for application risks, remediation status, ownership, exceptions, timelines, and follow-up actions.
- Support secure design and security review discussions for new features, product changes, integrations, and higher-risk application workflows.
- Collaborate with Engineering, Product, IT, and Security teams to improve secure-by-design practices and reduce software risk over time.
- Provide limited support to SOC/security operations when application-related alerts, incidents, or evidence require AppSec input, context, or follow-up.
Technologies and platforms you may work with
- Source code repositories and development workflow platforms
- Issue-tracking and remediation management tools
- CI/CD and release workflow documentation
- Security documentation, risk registers, and exception trackers
- Basic cloud and enterprise environments such as AWS, Azure, and Microsoft 365
- Limited exposure to SOC workflows, application-related alerts, logs, incident records, and security evidence
What you bring to the role
- 2+ years of experience in application security, information security, software security, security operations, software engineering, or a related technical area.
- Basic understanding of the software development lifecycle (SDLC) and how security fits into design, development, testing, release, and maintenance activities.
- Foundational understanding of common application security vulnerabilities, including OWASP Top 10 concepts such as broken access control, injection, insecure design, authentication issues, vulnerable components, and security misconfiguration.
- Basic understanding of software risk management, including risk severity, ownership, remediation timelines, exceptions, and follow-up.
- Awareness of threat modeling concepts such as assets, data flows, trust boundaries, attack paths, misuse cases, and security requirements.
- Ability to work with Engineering and Security teams to understand findings, ask clarifying questions, document risk, and track remediation.
- Strong documentation skills, attention to detail, and ability to maintain accurate trackers, notes, and follow-up records.
- Good communication and collaboration skills with the ability to explain security issues in a clear and practical way.
- Bachelor’s degree in IT, Cybersecurity, Computer Science, Software Engineering, or equivalent practical experience.
Nice to have
- Exposure to secure coding practices or previous collaboration with software development teams.
- Familiarity with application design reviews, secure SDLC processes, or software risk reviews.
- Basic understanding of CI/CD pipelines and release management concepts.
- Awareness of cloud security concepts in AWS, Azure, or similar environments.
- Exposure to SOC, incident response, vulnerability management, or security monitoring workflows.
- Entry-level certifications such as CompTIA Security+, ISC2 Certified in Cybersecurity, or similar security certifications.
What you’ll get from us:
A team where you can voice your opinion, make an impact, and where you and your experience are valued. Internal mobility – there are opportunities for cross training and the ability to attain your next career step within Barracuda. In addition, you will receive equity, in the form of non-qualifying options.
#LI-onsite