Product Security Engineer

Remote

strongDM logo

strongDM

Manage access to any server, database, or Kubernetes instance in minutes. Fully auditable, replayable, secure, and drag-and-drop easy.

View all employer listings

Apply now Apply later

strongDM is a customer-first, second, and third company with a rabid fan base. When was the last time you heard things like: * Splunk's CISO Joel Fulton says "strongDM gives you what you can’t get any other way -- the ability to see what happens, replay and analyze incidents."
* Chef's co-founder Adam Jacob says "strongDM takes the friction out of getting staff access to the systems they need." Customers love us because: The product rocks: strongDM fundamentally changes the relationship between InfoSec, DevOps, and end users. Enforce the controls security needs while making it easier to facilitate access.   They can trust us: we built a technical product for technical buyers. We do not use jargon. There is no alternative but to always be technically accurate. We are not afraid to admit product gaps.   We’re real humans: we built a serious product without taking ourselves too seriously. Each member of the team is deadly good at their job, and yet we crack jokes on the phone with customers. 
Do you like to poke at systems…
…and see how you can break them? Come and poke at our platform and the systems we use for delivering it! As a Product Security Engineer you’ll be working on making our platform as secure as we possibly can, so that our customers can unconditionally trust us.

What You'll Do:

  • Run our platform security assessments, including internal and external penetration tests & source code reviews
  • Manage our vulnerability disclosure and bug bounty programs, interacting as the glue between our internal engineering teams and the security researchers reporting to us 
  • Perform red team testing on the platform, trying to break things before they get into production
  • Develop automation to find and remediate security misconfigurations across all platform components (and business systems too!)
  • Have direct input on the security posture and design decisions of the strongDM Platform
  • Team up with the rest of the Security Department to educate your fellow employees on current security threats and best practices for secure development 
  • Work with the Governance, Risk, and Compliance team to establish and test controls in support of our SOC 2 and FedRAMP programs

Requirements:

  • You’re familiar with the SaaS-based vulnerability management platforms on the market
  • You can explain the why behind policies and standards in a way that both technical and non-technical folks understand
  • General knowledge of platforms and tools available to secure software and systems development 
  • You know that we are here to support and serve the business, not the other way around 
  • Have a “Yes, and…” attitude, be willing to own failure, and speak up when you see room for improvement 
  • Experience working at a high-growth startup with a culture of incredible customer support 
  • Alphabet soup of certs you may have but are in no way required: CEH, PenTest+, GPEN, GWAPT, OSCP, OSWE, CSSLP,

Compensation:

  • Competitive base + equity salary packages
  • Company sponsored benefits, including:
  • Medical, dental, and vision insurance (free to employees and dependents)
  • 401k, HSA, FSA, short / long-term disability coverage, life insurance
  • 4 weeks accrued PTO + sick days + volunteer days + standard holidays, paid parental leave
  • Stipend for internet and phone + home office budget
  • No travel required
Job region(s): Worldwide/Anywhere
Job stats:  3  1  0

Explore more Remote Work and WFH career opportunities