The Staff Application Security Engineer at Ivanti is a key role responsible for conducting security assessments and developing a deep understanding of Ivanti products and services. This includes threat modeling, code reviews, and penetration tests. A top candidate would be passionate about security, have extensive experience in web application security, and possess a deep technical understanding of security vulnerabilities and defense techniques. They would have excellent communication skills, the ability to educate and coordinate with stakeholders, and a desire to make a difference by enhancing product security operations. Working at Ivanti offers a competitive salary, benefits, flexible hours, and the opportunity to be part of a globally recognized leader in IT systems and security management. Ivanti's Security Department is responsible for implementing and maintaining organization-wide information security policies, standards, guidelines, and procedures. The security team works collaboratively with other business units to document business requirements, then solves for those requirements through a variety of aligned platforms which make up our enterprise architecture. The team's ultimate goal is to keep Ivanti, our data, our customers and employees safe.
* Develop both broad and deep technical understanding of Ivanti products, services and architectures
* Conduct security assessments such as threat modeling, secure architecture, code reviews and penetration tests on web and mobile applications and services
* Interpret security vulnerability reports for stakeholders, providing advice on vulnerability prioritization, remediation and mitigation
* Closely coordinate with all stakeholders to bake security into all phases of the SDLC
* Create and maintain documentation for security processes
* Deliver accurate metrics to stakeholders and business leaders in a clear and concise manner
* Maintain high proficiency in relevant security topics (latest vulnerabilities, TTPs, exploits, etc.)
* Create and deliver security education across the organization
* Develop innovative and scalable tools, solutions and processes to enhance product security operations
* Support accurate implementation of security tools to maximize their effectiveness and interpret their results for relevant stakeholders
* 8+ years of experience in web application security roles
* Deep technical understanding of both common and uncommon security vulnerabilities
* Passion and self-drive for researching vulnerabilities and latest exploitation techniques
* Ability to discover and exploit security vulnerabilities as well as to give practical and applicable remediation advice
* Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
* Ability to explain vulnerabilities in a precise, concise and easy-to-understand manner to stakeholders of varying security and technical backgrounds
* Ability to work in a self-directed environment that is highly collaborative and cross-functional
* Experience in performing Threat Modeling and providing actionable advice from its results
* High level of experience in scoring security vulnerability severities through CVSS
* Good understanding of SSDLC as well as development and integration tools and technologies used as part of CI/CD pipelines
* Experience implementing, running and maintaining tools and processes to reliably identify security issues across large code bases (SAST, SCA, DAST, container scanning, penetration tests, etc.)
* Experience providing secure coding education to developers
* Experience with at least one programming language (preferably Python)
* Ability to perform internal penetration tests as well as coordinate penetration tests executed by third-party vendors
* Ability to triage and reproduce security vulnerabilities from varying internal and external reporting sources
* Experience in programs such as Responsible Disclosure, Bug Bounty or Vulnerability Disclosure Program
Who you are
* Quick learner with a high level of curiosity. You are confident in picking up new technologies and pivoting when the situation requires it. A fast-paced environment makes you thrive.
* Critical thinker with expert troubleshooting skills. For you, difficult problems exist so that they can be unpacked and repacked in a nicer layout. You provide practical and creative solutions for complex issues.
* Passionate about security. You genuinely care about making software products and the world a more secure place.
You are an ideal candidate if you
* Want to make a difference
* Have extensive experience in web application, database and infrastructure security topics
* Have strong technical knowledge of security vulnerabilities, defense techniques and security best practices
* Can easily explain complex topics
* Have excellent verbal and written communication skills
* Enjoy working across teams and being a valuable resource to other engineers
* Have experience in authentication and authorization standards and protocols (SAML, OAuth, LDAP, AD, etc.)
* Know how to go beyond generic security vulnerability remediation advice
* Can read and write code with ease
* Love to learn about the latest security topics even in your free time
* Have a good understanding of one or more major cloud providers (Azure, AWS, GCP)
* Know how to educate others on security topics
* Have previous experience in securing SaaS applications and cloud environments at scale
* Understand CI/CD pipelines, containerization (Kubernetes, Docker, etc.) and microservices in depth
* Know how to coordinate external vulnerability reporting
* Have a B.S. in Computer Science or a similar combination of education and experience
Ivanti is a global leader in IT systems and security management, service management, asset management, and mobility management solutions, and is experiencing significant growth worldwide. The company has received numerous awards for being a Top Place to Work. With open positions around the globe, it's an exciting time to join Ivanti! Competitive salary and benefits and flexible hours. Ivanti is a great place to work.
If you're passionate about what you do and are interested in developing solutions that make a difference and in having fun while doing it, Ivanti is the place for you!