Senior Security Engineer

Bitwarden empowers enterprises, developers, and individuals to securely store and share sensitive data. With a transparent, open-source approach to password management, secrets management, and passwordless and passkey innovations, Bitwarden makes it easy for users to extend robust security practices across all online activities. Founded in 2016 with headquarters in Santa Barbara, California, Bitwarden is supported by a passionate global community of security experts and enthusiasts. 

As a Senior Security Engineer at Bitwarden, you will be responsible for conducting purple team testing, including threat research and analysis, penetration testing, code audits, security validation testing, and cryptography reviews against Bitwarden’s products and services. In addition, you will be part of the security findings response team, and assist with external inquiry and report response, investigation, and triage. Additional responsibilities include assisting with remediation of any security issues that are identified during internal or external testing and assessments while working alongside our engineering and security operations team members to ensure Bitwarden platform and services are secure and resilient. 

We’re looking for someone who is a self-starter with highly technical skills overlapping offensive and defensive capabilities. The right candidate will have experience using security and vulnerability management tools and solutions to detect and prevent cyber-related vulnerabilities in the company's services and networks as well as to any mobile and Internet-facing applications, systems and environments. 

This is an all-remote team and we are looking for someone located in the U.S. We do not offer visa sponsorship at this time.

RESPONSIBILITIES

• Research emerging threats across the surface web, dark web, and deep web 
• Build threat models, conduct threat hunts, and plan and execute purple team engagements
• Coordinate internal red team testing operations that emulate a threat actor
• Collaborate with application development teams, platform engineers, and Security Operations Center (SOC) engineers to improve our offensive and defensive security controls
• Contribute to vulnerability testing and analysis as well as incident response and analysis
• Include testing for web, mobile, CLI, and desktop application security issues across our multi-product portfolio, including Bitwarden Password Manager, Secrets Manager, and Passwordless.dev, our APIs, serverless functions, and database
• Participate in code reviews, learning and spreading technical knowledge about security posture
• Contribute to resolutions for security-related issues
• Coordinate technical validation and leadership review of purple team reports detailing testing results and potential areas of improvement
• Conduct internal penetration tests on systems …