Product Security Engineer
At Ping Identity, we're changing the way people think about enterprise security technology. With our innovative Identity Defined Security platform, we're helping to build a borderless world where people have total freedom to work wherever and however they want. Without friction. Without fear.
We're headquartered in Denver, Colorado, and we have offices and employees around the globe. And we serve the largest, most demanding enterprises worldwide, including over half of the Fortune 100. Because even in the most complex enterprise environments, security shouldn't be a source of anxiety. It should be one of your greatest competitive advantages.
We call this digital freedom. And it's not just something we provide our customers. It's something that drives our company. People don't come here to join a culture that's built on digital freedom. They come to cultivate it.
As an Application Security Engineer, you will gain invaluable experience at a visionary security company. The position requires a passion for application security, the ability to work in a fast moving, distributed and agile environment, excellent communications skills, and attention to latest security best practices.
- Own Security Engineering for assigned Ping Identity products and tools
- Assist in developing and implementing Secure Software Development Lifecycle (SSDLC) practices
- Work with the product teams to perform security design/code reviews and vulnerability assessment and management in an agile environment
- Perform security tasks including (but not limited to) threat modeling, secure code analysis, training, static, dynamic and interactive analysis, fuzz testing, automated and manual security testing
- Innovate the automation of SSDLC tasks
- Assist the presales, support and customer success teams responding to prospect, customer and field questions related to product and industry security
- Engage with third-party security consultants for independent security assessments, bug bounties and penetration testing of the product
- 2+ years of performing Web Application Security
- 3+ years of developing commercial products (experience in Java preferred)
- Experience in securing mobile applications
- Understanding of network protocols and architectures such as TCP/IP, UDP, IPv6, IPSEC, TLS, HTTP/S, routing protocols
- Exceptional problem-solving skills, curious about the inner workings of systems and show attention to details
- Excellent written and oral communication skills
- Experience with identity management (OAuth 2.0, OpenID Connect, SAML, Active Directory, MFA, LDAP, SCIM, etc.)
- Experience in securing native, desktop, cloud or mobile applications
- Experience with cloud deployment in Amazon AWS, Azure or Google Cloud
- Security certifications such as CISSP, CSSLP, GIAC