Staff Security Engineer

Do you have a passion for securing cloud native environments? Are you excited by the opportunity to define industry leading standards and patterns? Would you like to work with a world class engineering team to train, mentor, and grow a security minded development culture? Outreach is looking for a Staff Security Engineer to partner with product engineering teams to drive secure product design, perform application security reviews, and help shape the future of our cloud native, continuous deployment application security program. 

The ideal candidate brings strong application security engineering skills, a background in software development or engineering, and deep knowledge of application security vulnerabilities and mitigations. This role is centered on building secure systems and improving secure development practices, not on offensive security testing alone. It emphasizes researching emerging threats and effective mitigations, then applying those insights across our services and Secure Development Lifecycle. The right candidate enjoys engaging with customers, takes ownership of improving security processes and technical controls across engineering teams, and contributes to the development of product security features. 

From day one, you will partner with product managers and engineers across the organization and, at times, work directly with customers. You will help train and support PMs and engineers in designing and implementing secure development practices within our CI/CD pipelines to reduce vulnerabilities in production code. You will create technical training and security awareness content, contribute to secure coding standards, and produce position papers and technical specifications that guide security mitigations and product feature development. 

Technical Fluency – A passion for security and technology, familiarity with DevOps methodology and containers, SaaS and cloud security solutions and standards, and microservice architectures. 

Advisory Skills – Providing direction, advice and support that helps grow the technical and collaboration skills of the individuals and teams you work with. 

Execution – Planning, coordination, managing dependencies and risks, and diving deep when issues arise. Ability to work with people and drive a program to completion is a must. 

● Conduct threat models and train engineers on threat modeling techniques and other standard evaluation practices to identify and prioritize risks of potential vulnerabilities and define possible mitigations. 

● Develop, document and maintain the security standards and design patterns used by engineers to deliver consistent, secure code and features. 

● Research the threat landscape, regulatory considerations, and customer requirements relevant to Outreach’s business, and recommend solutions to address known and potential threats by defining and applying appropriate security requirements. 

● Experience using Wiz, Snyk, or similar tools to identify and manage vulnerable dependencies, with strong knowledge of SCA and SAST tools and their integration into the software development lifecycle. 

 ● Ensure strong cross-company collaboration by fostering a close partnership between security and engineering teams with the goal of increasing customer trust in Outreach and its products. 

● A minimum of 3 years experience as a senior or principal application security engineer or architect. 

 ● Deep experience in application security programs, including threat modeling, secure coding best practices, identifying vulnerabilities and secrets in code, and coordinating remediations in a cloud-native SaaS environment. 

 ● Familiarity with modern application security issues and mitigation techniques is essential. 

 ● Experience creating reference architectures, engineering specs, and data flow diagrams. Experience with customer-facing content is a plus. 

 ● Experience performing code reviews to identify security vulnerabilities. 

 ● Proven success working with engineers and technologies in cloud-native, DevOps environments (including CI/CD pipelines, microservices, and infrastructure as code). 

 ● Strong track record of partnering and collaborating with engineers and producing formal documentation to communicate program effectiveness to leadership. 

 ● Experience evaluating and implementing third-party tools and services to support an effective SDL program. 

 ● Experience mentoring and training others in application security principles and practices. 

 ● Excellent interpersonal and management skills. 

 ● Strong written and verbal communication skills. Experience working with customers or customer-facing teams is a plus. 

 ● Ability to work independently and flexibly to succeed within Outreach’s dynamic culture.