Senior Application Security Engineer

Legal Campbell, California Ann Arbor, Michigan Alpharetta, Georgia Chelmsford, Massachusetts United States

Job ID: 22-686

Come Join Our Passionate Team!  At Barracuda, we make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers’ journey. More than 220,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level.

 

We know a diverse workforce adds to our collective value and strength as an organization.  Barracuda Networks is proud to be an Equal Opportunity Employer, committed to equal employment opportunity and equitable compensation regardless of race, gender, religion, sex, sexual orientation, national origin, or disability.


Envision yourself at Barracuda


The Senior Application Security (AppSec) Engineer assures the safety and security of Barracuda Networks software and services through source code review, manual application security assessment, operation and integration of automated security assessment solutions, architecture review, and expert advice regarding software security trends, threats, best practices and incidents. Through assuring the safety and security of Barracuda Networks software and services, the Application Security Engineer helps to keep our customers and their data safe and secure.

What you’ll be working on:

  • Ensure the secure delivery of software from design through to implementation
  • Maintain awareness of software security trends, incidents, and best practices, and provide expert advice and guidance to engineering teams regarding secure development and vulnerability remediation.
  • Manage Barracuda’s bug bounty programs
  • Work collaboratively with the organization, including with Security, Compliance and Engineering, to understand and remediate computer and software security incidents
  • Evaluate new and emerging security technologies, features, and products.

What you bring to the role:

  • 3+ years' experience working in an Application Security Engineer capacity
  • Experience with manual code review or source code review, preferably for Python, PHP and Go
  • A deep understanding of software security best practices and vulnerabilities, especially as they relate to web applications (e.g. OWASP Top 10)

  • Experience identifying vulnerabilities in the design and implementation of software and SaaS services

  • Ability to perform source code review in new and unfamiliar languages using knowledge of security best practices and a willingness to read documentation

  • Ability to perform solutions architecture and design review

  • Experience in scoping and performing manual application penetration testing

  • Experience in assessing the risk of identified vulnerabilities, and providing correct, robust and actionable recommendations to mitigate and/or resolve the vulnerabilities

  • Experience in understanding software vulnerabilities, in finding other instances of the vulnerability across codebases, and in identifying collateral/related vulnerabilities

  • Experience in assessing the implemented resolution of a vulnerability for completeness and accuracy, and identifying bypasses for the implemented resolutions

  • Experience in working collaboratively with software development teams to identify vulnerabilities in all stages of software development

  • Experience in communicating effectively with people of varying security proficiency and interest (fellow security professionals, engineering, and management)

  • The ability to coordinate and participate in wide-scale Software Incident Security Response exercises such as the log4j response, understanding and unpacking information as incidents unfold, and in working across the organization to deliver a comprehensive "Identify, Resolve, Validate" solution

  • Basic programming experience in at least one language, preferably Python or Go

  • Awareness of automated software security scanners such as SAST/DAST/SCA

  • An understanding of cloud platform security concepts (preferably Azure and AWS)


What you’ll get from us:

 

A team where you can voice your opinion, make an impact, and where you and your experience are valued. Internal mobility – there are opportunities for cross training and the ability to attain your next career step within Barracuda.

 

  • High-quality health benefits
  • Retirement Plan with employer match
  • Career-growth opportunities
  • Flexible Time Off and Paid Time Off benefits
  • Volunteer opportunities

 #LI-MD1
#LI-DM1
#LI-MM1
 #LI-Hybrid