Duo Security company image
Duo Security
Our mission is simple: democratize security by making it easy and effective for everyone to use.
Hybrid
View Profile
Jobs//Hybrid//Cybersecurity + IT//

Application Security Technical Lead - Duo Security

Sorry, this job was removed at 11:35 a.m. (CST) on Tuesday, May 19, 2020
View 165 Jobs
Find out who's hiring in Austin.
See all Cybersecurity + IT jobs in Austin
View 165 Jobs
Apply
By clicking Apply Now you agree to share your profile information with the hiring company.
Save job

The Application Security team is responsible for ensuring that each engineer at Duo Security is enabled & supported throughout the Secure Development Lifecycle (SDL) to build security-resilient software. Whether for internally built technologies that help to “engineer the business,” or to delight our customers with innovative products & services, Duo’s Application Security team provides its capabilities across the entire business unit to reduce overall risk.

What you’ll do…

  • Lead various types of Application Security technical initiatives to assist in furthering the maturity and security posture of Duo and its products.
  • Work closely with teams, people, and leaders outside of AppSec to build positive relationships.
  • Provide security guidance on feature designs and specifications
  • Work closely with engineers on identifying and providing guidance on risk by reviewing architecture and implementation artifacts.
  • Perform code reviews and audits of new and existing features.
  • Identify and implement new ways that we can validate the security of Duo products and its development practices at scale.
  • Support product security incident response escalations, coordinate 3rd-party security assessments, provide ad-hoc technical security expertise to product, sales, & engineering teammates.
  • Research, build and implement tools, libraries & frameworks that aid developers in writing secure code.

Skills you have…

  • You have a strong understanding of many vulnerability classes and how they occur across a variety of languages including Python, Javascript, Java, C, C#, and Objective-C. An expertise in one or more of those languages is highly desirable.
  • You’re comfortable manually auditing code for vulnerabilities and using both commercial and custom static & dynamic code analysis tools (e.g. burpsuite, bandit, dlint)
  • You are able to mentor and be mentored on security practices, controls and bring an influential flair to your audience whether it is one on one, during a presentation, or workshop.
  • You understand security engineering principles, and how to seriously consider when a “best practice” may not be, in fact, the best choice or positively impact actual security and our customers.
  • Have been a part of a PSIRT team or have a solid understanding of the concepts and methodology

4 Reasons why you should apply…

  • You’re excited to be part of building an ever-maturing application security program that covers the Security Development Lifecycle, from training through incident response.
  • You love to communicate in a friendly, encouraging manner with software engineers and product managers, helping to not only identify security issues, but also a mentor and advocate on solutions.
  • You’re passionate about security, but understand each control or process has a “cost” that must be thought about critically, and from the point-of-view of many stakeholders.
  • You want to continuously elevate your skills and the skills of your teammates.

4 Reasons why you SHOULDN’T apply….

  • You only find excitement in breaking software. This role requires a broad participation in realizing a world-class application security program that leverages many talents at once.
  • Getting work done quickly is more important than how you present that work. We pride ourselves in detail-oriented, well-written communications -- whether on reports or email.
  • You don’t enjoy self-management of many tasks of various priority levels that can shift day-to-day. We value accountability of work that spans across tactical & strategic goals.
  • You are a lone wolf and prefer not to work on a team where collaboration and insight focuses the team for success on a daily basis.

We are Duo, and we’re here to democratize security for everyone. Our mission is to protect the mission of our customers like Facebook, Twitter, and Etsy by making security simple.

We’re a diverse crew of makers and builders, skaters and coders, filmmakers and DJ’s, teachers and students brought together by a shared belief in adding value to the world. This diversity allows us to bring an empathetic approach to solve some of the most complex global business and security challenges we face today.

Duo is committed to cultivating and preserving a culture of inclusion and connectedness. We are able to grow and learn better together with a diverse team of employees. The collective sum of the individual differences, life experiences, knowledge, innovation, self-expression, and talent that our employees invest in their work represents not only part of our culture, but our reputation and Duo’s achievement as well. In recruiting for our team, we welcome the distinct contributions that everyone brings in terms of their education, opinions, culture, ethnicity, race, gender identity and expression, nationality, age, languages spoken, veteran’s status, religion, disability, sexual orientation and beliefs.

And if this role is exciting you, we encourage you to apply even if you don’t meet all 100% of the description or qualifications. Finally and most importantly, we are a proud Equal Opportunity Employer.

See More
Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.
Save job
By clicking Apply Now you agree to share your profile information with the hiring company.
Brian Lindauer
Head of Data Science and Engineering
CONTINUOUS LEARNING
Creating an environment for professional growth
Duo Security engineers are often working in a place of ambiguity because there’s often little or no ground truth to inform developers on where to go. It takes a lot of user research and cross-collaboration to solve these challenges, but the company’s emphasis on personal growth for its team — personal development plans, the Duo Tech Summit, mentorship and generous training budgets — ensure that everyone’s suited for the job.
Duo Security engineers are often working in a place of ambiguity because there’s often little or no ground truth to inform developers on where to go. It takes a lot of user research and cross-collaboration to solve these challenges, but the company’s emphasis on personal growth for its team — personal development plans, the Duo Tech Summit, mentorship and generous training budgets — ensure that everyone’s suited for the job.
Duo is a place where your work can have an impact. Our business is still small enough that every single person’s work makes a huge difference for the company and its customers.
Brian Lindauer
Head of Data Science and Engineering
Hector Menchaca
Head of Engineering Effectiveness
Challenge Seekers
Collaborating and innovating to improve technology
One of Menchaca’s most interesting projects was improving Duo’s continuous integration (CI) build times. “When I joined the company, our build process in CI took anywhere from 1-4 hours (or longer), and after we took ownership of that process, we now build and test in under 20 minutes, spawning multiple parallel pipelines,” Menchaca said. “Our focus on problem-solving leads us to interesting places.”
One of Menchaca’s most interesting projects was improving Duo’s continuous integration (CI) build times. “When I joined the company, our build process in CI took anywhere from 1-4 hours (or longer), and after we took ownership of that process, we now build and test in under 20 minutes, spawning multiple parallel pipelines,” Menchaca said. “Our focus on problem-solving leads us to interesting places.”
As cultures go, Duo’s is one of the most dynamic and positive I’ve ever been a part of. At the end of the day, you make progress, do great things and build relationships along the way.
Amber Lindholm
Head of Design Research
PEOPLE FIRST
Products for the people who use them
People are focused on other things than securing access to their data. For Lindholm, that’s not an unfortunate fact: “Instead of having to spend valuable time convincing people to care, we get to focus on the work of ensuring we have the best product experience.” Through stakeholder and user personas — “Gary” and “Lee” are two of them — Duo’s entire technical team is creating products with the end experience in mind.
People are focused on other things than securing access to their data. For Lindholm, that’s not an unfortunate fact: “Instead of having to spend valuable time convincing people to care, we get to focus on the work of ensuring we have the best product experience.” Through stakeholder and user personas — “Gary” and “Lee” are two of them — Duo’s entire technical team is creating products with the end experience in mind.
We have to make it so easy to use our product that the most secure path is actually the happy path for our end users and the people that deploy and administer our products.
Amber Lindholm
Head of Design Research

What are Duo Security Perks + Benefits

Duo Security Benefits Overview

We like to keep everyone happy and healthy. From financial security to personal growth, we're here to support you.

Culture
Volunteer in local community
Partners with nonprofits
Open door policy
OKR operational model
Team based strategic planning
Open office floor plan
Flexible work schedule
Remote work program
Diversity
Documented equal pay policy
Dedicated diversity and inclusion staff
Highly diverse management team
Mandated unconscious bias training
Diversity manifesto
Mean gender pay gap below 10%
Diversity employee resource groups
Hiring practices that promote diversity
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability insurance
Dental insurance
Vision insurance
Health insurance
Life insurance
Wellness programs
Mental health benefits
Financial & Retirement
401(K)
401(K) matching
Company equity
Employee stock purchase plan
Performance bonus
Charitable contribution matching
Child Care & Parental Leave Benefits
Childcare benefits
Generous parental leave
Family medical leave
Adoption Assistance
Company sponsored family events
Vacation & Time Off Benefits
Generous PTO
Paid volunteer time
Paid holidays
Office Perks
Company-sponsored outings
Free snacks and drinks
Onsite office parking
Home-office stipend for remote employees
Professional Development Benefits
Job training & conferences
Tuition reimbursement
Lunch and learns
Promote from within
Mentorship program
Continuing education stipend
Continuing education available during work hours
Online course subscriptions available
Customized development tracks
Paid industry certifications
View full list of perks + benefits
Photo Gallery

More Jobs at Duo Security

Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.
Save job
By clicking Apply Now you agree to share your profile information with the hiring company.
Learn more about Duo SecurityFind similar jobs like this