Senior Software Security Engineer

As a Security Engineer in a fast-paced software engineering team at Markforged, you will be a strong and independent team member passionate about securing cloud and IoT environments. You have demonstrable experience developing a secure software development lifecycle, building vulnerability management programs, and implementing security incident and event management systems. In this role you will also be a part of Markforged’s cross-functional security team spanning IT security, risk and compliance, and application security.

What you will own: 

• Creating and maintaining secure development practices, programs and automation for our engineering teams
• Providing security feedback to engineers during all phases of the development lifecycle
• Contributing directly to code bases to remediate problems and improve security (Node.js / JavaScript, Python)
• Developing an incident response workflow for managing actionable security alerts
• Building an IR workflow with our operational team which includes evaluating and implementing a SIEM
• Working with product/program management to properly escalate and prioritize security issues

Important Note:

Although we list out what we generally look for, we are very likely missing other attributes and skills that you have that could make you a great fit, but are not currently listed. Research has shown this especially applies to women and other marginalized groups, who tend to apply if they check 100% of every box, versus men who apply if they hit roughly 60%. The point we’re getting at, it doesn’t hurt to take a chance and apply!

What you have: 

• 5+ years experience securing web applications, IoT devices, and cloud infrastructure
• Background in software engineering and common development practices in a collaborative and dynamic startup environment
• Deep understanding of web application architecture and design principles
• Knowledge of internet security issues in software design and code
• Experience in writing understandable, testable, secure code with an eye towards maintainability
• Experience implementing and managing SAST/DAST/SCA tools, web application firewalls, SIEM platforms, and/or intrusion detection systems
• Knowledge of common security flaws and resolution as published by OWASP, SANS, etc
• Knowledge of how to test code and applications across various platforms (iOS, Mac, Linux, Windows, Android, etc) for security and quality
• Experience with audits and certifications such as ISO27001, SOC2, and FedRAMP
• Verbal/Written English Communication is required
• Experience with Splunk, Veracode, Snyk, Nessus, AWS, JavaScript, Node.js, and/or Postgres are all a plus
• Experience managing a bug bounty is a plus

It’s not expected that any single candidate would have expertise across all of these areas. For instance, we have wonderful team members who are really focused on their customers’ needs and building amazing user experiences, but didn’t come in with as much systems knowledge.

Our software technologies and tools empower our customers to configure print-ready parts, visualize part geometry in 3D, and push to IoT-connected printers for printing. As part of the Software Engineering team, you will be helping to lead the scaling and growth of our 3D printing platform involving end-customer applications and IoT services.  We move at a breakneck pace but refuse to compromise on quality. We believe in “doing it right the first time” and investing in code quality, testing, tooling and infrastructure. Your ideas will directly influence the company's future. You will do interdisciplinary work on physical systems and learn from best-of-the-best engineers across Materials Science, Mech-E, EE, and Software.