As an Application Security Engineer working remotely from USA/Canada, from the UK or within one of our Engineering offices you will gain invaluable experience at a visionary identity security company.  The position requires a passion for application security, solving both technical and organizational changes, with the ability to work in a fast moving, distributed and agile development environment.  You will have excellent communication skills and pay attention to the latest security trends and best practices.  

You will:

• Own Security Engineering for assigned Ping Identity products and tools
• Assist in developing and implementing Secure Software Development Lifecycle (SSDLC) practices
• Work with the product teams to perform security design/code reviews and vulnerability assessment and management in an agile environment
• Perform security tasks including (but not limited to) threat modeling, developer training, static code analysis, dynamic runtime fuzzing, and exploit development.
• Innovate the automation of SSDLC tasks
• Assist the presales, support and customer success teams responding to prospect, customer and field questions related to product and industry security
• Engage with third-party security consultants for independent security assessments, bug bounties and penetration testing of the product

You have:

• 2+ years of proficiency in a mix of Enterprise Application Security, API Security and Web Application Security
• 3+ years of developing commercial or open-source products (experience in Java preferred) or equivalent experience
• Understanding of network protocols and architectures such as TCP/IP, UDP, IPv6, IPSEC, TLS, HTTP/S, routing protocols
• Exceptional problem-solving skills, curiosity about the inner workings of systems and show attention to details and documentation
• Excellent written and oral communication skills

You have an advantage if you have: 

• Experience with Linux environments, administration, security, and internals
• Experience with identity management (OAuth 2.x, OpenID Connect, SAML, Active Directory, 2FA/MFA, LDAP, SCIM, FAPI, OpenBanking, etc.)
• Experience in securing machine learning or generative AI platforms
• Experience with cloud deployment in Amazon AWS, Azure or Google Cloud Platform
• Security certifications such as CISSP, CSSLP, GIAC, OSCP