Application Security Engineer, Duo Security
We are Duo, and we’re here to democratize security for everyone. Our mission is to protect the mission of our customers like Facebook, Twitter, and Etsy by making security simple. We’re a diverse crew of makers and builders, skaters and coders, filmmakers and DJs, teachers and students brought together by a shared belief in adding value to the world. This diversity allows us to bring an empathetic approach to solving some of the most complex global business and security challenges we face today.
What you’ll do…
Perform security activities, including security design reviews, threat modeling, code auditing, and security assessments on internally & externally developed software.
Support product security issue triage, help coordinate 3rd-party security assessments, provide ad-hoc technical security expertise to product, sales, & engineering teammates.
Create and maintain application security development policies, procedures & standards.
Skills you have…
You have a strong understanding of many vulnerability classes impacting a variety of languages, ideally with expertise in C++, C# (.NET), Golang, and/or Python.
You’re comfortable manually auditing code for vulnerabilities, using static & dynamic code analysis tools, building custom security tools, and bootstrapping test environments.
You understand security engineering principles, and can seriously consider when a “best practice” may not, in fact, be the best choice or positively impact actual security.
Bonus points if you’ve built security-minded Windows software & services, understand Windows OS security internals, and/or have experience exploiting Windows software.
3 Reasons why you should apply…
You’re excited to be part of building an ever-maturing application security program that covers the Security Development Lifecycle, from training through incident response.
You love to communicate in a friendly, supportive manner with software engineers, helping to not only identify security issues, but also mentor and advocate on solutions.
You’re passionate about security, but understand each control or process has a “cost” that must be thought about critically, and from the point-of-view of many stakeholders.
3 Reasons why you SHOULDN’T apply…
You only find excitement in breaking software. This role requires broad participation in realizing a world-class application security program that leverages many talents at once.
Getting work done quickly is more important than how you present that work. We pride ourselves in detail-oriented, well-written communications -- whether on reports or email.
You don’t enjoy self-management of many tasks of various priority levels that can shift day-to-day. We value accountability for work that spans tactical & strategic goals.