Senior Security Engineer

DroneDeploy
Summary
Join DroneDeploy, a leading provider of reality capture software, as a Security Engineer. In this role, you will lead and execute the Security Engineering program, collaborating with various teams to enhance security measures. Responsibilities include expanding automated security monitoring, mitigating vulnerabilities, performing design reviews, and educating employees on security best practices. The ideal candidate possesses 4+ years of software engineering experience, including a focus on security, and a deep understanding of security vulnerabilities and mitigation strategies. DroneDeploy offers a remote-first culture, flexible work options, and a comprehensive benefits package, including top-tier healthcare, paid time off, and professional development opportunities.
Requirements
- 4 years of experience in Software Engineering, including time in a Security Engineering role
- Demonstrated competence with reading and writing in modern software languages, including Python, JavaScript, and Golang
- Deep understanding of how to ensure high security without sacrificing user experience
- Demonstrated ability to communicate technical security concepts to non-experts
- Deep understanding of OWASP Top 10 vulnerabilities and mitigation strategies
- Ability to prioritize and reproduce vulnerabilities, recommend remediations, and implement fixes
- Experience with automated security scanning software and its limitations
- Experience performing formal threat modeling analysis in a real environment, and security triaging
- Available to travel domestically occasionally for work activities (e.g., conferences, meetings, events)
Responsibilities
- Collaborate with DevOps, Compliance, Engineering, and IT to streamline and uplevel our Security Program
- Expand our automated security monitoring capabilities
- Mitigate security vulnerabilities and architectural weaknesses by building security services and libraries and integrating third-party services
- Perform design reviews to ensure projects do not introduce new security vulnerabilities
- Educate and train security champions across the organization
- Lead our bug bounty and external penetration testing programs
- Develop security guidelines for common security issues, and provide remediation guidance and security baselines
- Proactively introduce new controls into the infrastructure platform that improve our defense in depth
Preferred Qualifications
- Prefer candidates with certifications such as CISSP, CCSP, GWAPT, OSCP, etc.
- Experience working in cloud and containerized computing environments such as GCP, AWS, and Azure, with Kubernetes
- Experience with common security compliance initiatives such as SOC2, ISO-27001, etc.
Benefits
- Innovative Company Culture – Thrive in an environment that encourages creativity and collaboration
- Drone Pilot Certification – Get certified and develop unique skills with our support
- Flexible Work Options – Enjoy flexibility with both your schedule and work location
- Family Paid Leave – Supporting you and your family when it matters most
- Top-Tier Healthcare Benefits – Comprehensive health coverage designed to support your well-being
- Professional Development & Career Growth – Opportunities to advance and grow in your career
- Flexible Paid Time Off – Take the time you need to recharge and stay balanced
- Employee Referral Bonus – Help us grow the team and get rewarded for great referrals