Senior Software Security Engineer at Markforged
As a Security Engineer in a fast-paced software engineering team at Markforged, you will be a strong and independent team member passionate about securing cloud and IoT environments. You have demonstrable experience developing a secure software development lifecycle, building vulnerability management programs, and implementing security incident and event management systems. In this role you will also be a part of Markforged’s cross-functional security team spanning IT security, risk and compliance, and application security.
What you will own:
- Creating and maintaining secure development practices, programs and automation for our engineering teams
- Providing security feedback to engineers during all phases of the development lifecycle
- Contributing directly to code bases to remediate problems and improve security (Node.js / JavaScript, Python)
- Developing an incident response workflow for managing actionable security alerts
- Building an IR workflow with our operational team which includes evaluating and implementing a SIEM
- Working with product/program management to properly escalate and prioritize security issues
Important Note:
Although we list out what we generally look for, we are very likely missing other attributes and skills that you have that could make you a great fit, but are not currently listed. Research has shown this especially applies to women and other marginalized groups, who tend to apply only if they check 100% of the boxes, versus men who apply if they hit roughly 60%. The point we’re getting at: it doesn’t hurt to take a chance and apply!
What you have:
- 3+ years of experience securing web applications, IoT devices, and cloud infrastructure
- Background in software engineering and common development practices in a collaborative and dynamic startup environment
- Deep understanding of web application architecture and design principles
- Knowledge of internet security issues in software design and code
- Experience in writing understandable, testable, secure code with an eye towards maintainability
- Experience implementing and managing SAST/DAST/SCA tools, web application firewalls, SIEM platforms, and/or intrusion detection systems
- Knowledge of common security flaws and their resolution as published by OWASP, SANS, etc.
- Knowledge of how to test code and applications across various platforms (iOS, Mac, Linux, Windows, Android, etc.) for security and quality
- Experience with audits and certifications such as ISO27001, SOC2, and FedRAMP
- Verbal and written English communication is required
- Experience with Splunk, Veracode, Snyk, Nessus, AWS, JavaScript, Node.js, and/or Postgres is a plus
- Experience managing a bug bounty is a plus
#fulltime