Senior Software Engineer - Application Security Platform

About The Job

As an Application Security Platform SWE, you will be a member of the Platform & Infrastructure Foundation team who is responsible for architecting and developing standardized common services and components of Abnormal infrastructure to enforce Security & Privacy by design. You will work across all engineering teams to advocate for Security & Privacy best practices while building the necessary toolings and guardrails to ensure systems and processes are fully authenticated, verified, authorized, and audited.

Job Responsibilities

• Platform Security Software Engineering
• Own and lead the Platform Security services and components for Abnormal microservices such as Zero-Trust networking, Secure Service to Service communications, Secret Service & Management system, Certificate Authority design and development, etc…
• Design and develop secure and scalable frameworks and toolings to integrate Abnormal ecosystem with external applications such as Salesforce, Slack, Github, Zoom, etc… to enable Security by design.
• Integrate Platform and Infrastructure components with Security Operational analytics and auditing tooling such as Okta, Dazz, Splunk, SIEM.
• Provably Secure platform
• Own and lead the execution of customer sensitive data access, verifications, and control policies. 
• Collaborate closely with Cloud Infrastructure and CISO org to review and select the appropriate technologies for Secure Service to Service Communication
• Roadmap
• Utilize prior industry experience to influence Platform Security and the overall Platform & Infrastructure engineering roadmap.
• Reconcile Platform and Security requirements to build a secure platform while enabling multiple engineering teams to deliver high quality software at high velocity.
• Contribute to vendor review and selection for related software purchases in key problem areas.

Key Capabilities

In order to deliver the results above what are the key capabilities we need in the candidate in order for them to be successful.

• [Must-have] Solid software engineering skills
• 5+ years of experience as a Software Engineer
• Proven track record of leading projects and delivering high quality software.
• Experienced with system design and infrastructure.
• Being able to articulate pros and cons of certain design choices.
• Experienced with Cloud (AWS, Azure, GCP) applications.
• Experienced with Authentication & Authorization problem space, best practices, and the related technologies (OAuth, SSO, mTLS, JWT, SPIFFE/SPIRE, Istio, Envoy, Dapr).
• [Must-have] Practical Security First mindset
• Understanding of Personal Identifiable Information (PII) and best practices to protect PII data.
• Ability to differentiate must-have versus nice-to-have Security & Privacy requirements.
• Being able to balance Security requirements against engineering productivity and infrastructural cost.
• [Nice-to-have] Bonus:
• Knowledge of cryptographic or encryption algorithms (symmetric vs asymmetric) and their applications is a plus.
• Experienced with compliance regulations such as ISO, GDPR, FedRamp.

#LI-NT1