Application Security Engineer
Laserfiche is adding an Application Security Engineer to our growing team! As an Application Security Engineer, your primary responsibility will be to help Laserfiche build and deliver secure software to our customers, who use Laserfiche applications to manage their enterprise data and automate their business processes. Application Security Engineers bring a broad mixture of strong communication, coding, systems, and cybersecurity expertise to bear to help our teams keep our customers' data protected from security threats during the development and operations of Laserfiche's cloud services.
Eligible States for Remote Work: Arizona, California, Florida, Georgia, Hawaii, Maryland, Massachusetts, Minnesota, Nevada, Ohio, Oregon, Texas, Utah, Virginia, Washington, Washington DC, West Virginia and Wisconsin
What You'll Do:
- Collaborate with engineers in multiple product development teams to implement static analyzers, fuzzers, and other (semi-)automated security tools as part of the SDLC, including deployment to CI/CD pipelines
- Implement technologies to detect vulnerabilities in externally sourced packages and libraries, and develop and execute procedures to trace and track Laserfiche’s exposure to vulnerable packages
- Collaborate with engineering teams to create and evaluate threat models to enumerate threats, define mitigations and countermeasures, prioritize security improvements, and reduce application security risks
- Perform design and security code reviews in accordance with industry-leading practices
- Manage and track the remediation of critical product and component security vulnerabilities and weaknesses across the entire product suite
- Document and maintain software development security policies, controls, and procedures
- Provide training on cybersecurity, secure coding best practices and threat modeling to software architects, engineers, and testers
What We're Looking For:
- 3+ years of application development experience focused on application security
- Experience in identifying and fixing web application security issues in production systems
- Experience in deploying static analyzers, fuzzers, or similar security tools with web or mobile applications
- Familiarity with malware, emerging threats, attacks, and the vulnerability management landscape and trends
- Excellent writing and communication skills
- Ability to work well independently or with a team
- Bachelor’s degree or higher
- Understanding of computer systems and networking fundamentals
- Experience in environments employing DevOps practices and implementing security in CI/CD processes
- Experience with container-based technologies (Docker, Kubernetes) and container security
- Experience with AWS security (e.g., IAM, EC2, VPC, S3) and cloud best practices is a plus
- Generalist certifications such as CISSP or SANS certifications (e.g., GSEC, GCIH, GICSP) are a plus
- Specialist certifications such as offensive security (e.g., OSCP, OSCE) and/or SANS (e.g., GPEN, GWAPT) are a plus
What We Offer:
- Remote work opportunities + hybrid work arrangement
- Temporary or permanent workplace relocation in states where we have a business presence
- Paid volunteer days to give back to the community
- 15 days of paid time off (to start) + 4-day year-end closure + 3 additional 'me' days
- 9 days of paid public holidays
- Generous 401(k) employer match contribution
- Professional development and career growth opportunities
- Mentorship program participation to inspire the rising leaders of Laserfiche
- Employee Resource Groups (ERG) and opportunities to contribute to our DEI initiatives
- Employee Referral Program
Laserfiche is the leading SaaS provider of intelligent content management and business process automation. Customers in 5+ industries use Laserfiche's cloud-first development approach to boost productivity, scale their business and deliver digital-first customer experiences.
Laserfiche employees in offices around the world are committed to the company’s vision of empowering customers and inspiring people to reimagine how technology can transform lives.
Laserfiche complies with all Equal Opportunity and Affirmative Action regulations. Laserfiche makes all employment decisions – such as recruiting, hiring, training, promotion, compensation, professional development practices, discipline and termination – without regard to race, religion, color, national origin, ancestry, citizenship, sex, pregnancy, age, creed, physical or mental disability, medical condition, genetic characteristic, marital status, veteran status, gender identity/expression, sexual orientation or any other characteristic protected by law, except as may be permitted by law.