Senior Product Security Engineer - Addepar Inc New York, NY, USA Bookmark Share Print 484 2 8

Listing Description

Information Security at Addepar is committed to making our organization, products, and services as secure as possible. Product (Application) Security plays an integral role in defining the security narrative for the Product and Engineering teams, ensuring security is embedded into existing and new services Addepar launches. Product Security engineers use pragmatic, empathetic, and timely approach to provide actionable advice while also considering the challenges in delivering high-quality products and services. Our mission is to enable Addepar to safely and securely launch new initiatives and services promptly.

As a Senior Product Security Engineer, you deeply understand the technology stack used at Addepar; you aim to identify and eliminate security vulnerabilities proactively. Your focus is forward-facing, building tools and services that ensure the safety of the Addepar platform and its valued client data against commonly known attacks. You will lead within the Information Security team by scoping and delivering tooling and services while mentoring your teammates to ensure they are delivering in line with our team culture and practices.

Requirements:

We expect each Product Security Engineer to add a unique set of expertise that contributes to the essential skill of relating to software developers. As a senior member of the team, you are well-versed in the following domains:

- 5+ years of relevant work experience on an internal security team, working either on the offensive or defensive sides of

security

- Demonstrate the ability to understand and discover attack surfaces, live and breath commonly known attacks such as Cross-

Site Scripting, Remote Code Execution while navigating the source code comfortably

- Demonstrate a firm understanding of cryptographic dos and don'ts

- Have built and implemented security tooling and solutions in the product lifecycle, including security tooling for the

Continuous Integration and Deployment pipeline

- Familiarity and previous experience using Metasploit, Burp Suite, fuzzing, and Jenkins strongly preferred

- Possess the restlessness ability and desire to break things

- Demonstrate an understanding of application architectural patterns, such as MVC, microservices, event-driven architectures,

etc.Perform application threat modeling

Create the guiding application security documentation and advice to engineers

Coordinate and perform manual and automated code tests

Ownership and coordination of automation initiatives and projects

Ownership and coordination of the periodic application penetration tests and Bug Bounty program

Perform ad-hoc application and code security scans

Conduct analysis and share the root cause of common security issues within the code and how to avoid them

Act as the technical leader and mentor within Information Security as well as Product and Engineering teams