PDQ's Mission: We make device management simple, secure and pretty damn quick.
PDQ's Core Values: Honesty, Ownership, Collaboration and Improvement
As an Application Security Engineer at PDQ, you will play a crucial role in applying security best practices throughout the software development lifecycle and testing our applications against security risks before release. Your experience and skills will provide guidance to our development teams on secure coding practices and contribute to the design and implementation of secure architecture. Your efforts will help foster a culture of security considered at every level of the organization.
In this role, you'll collaborate with PDQ's Operational Security team to:
- Ensure proper implementation of security practices, such as vulnerability scanning and penetration testing
- Perform regularly scheduled and ad hoc security audits
- Support achievement of meaningful industry certifications (e.g. ISO, SOC)
- Manage prioritization of all security related activities
- Monitor threat landscape (e.g. CISA feeds, industry publications, news, etc.) and engage with Product Leadership Team to ensure adequate controls are in place
- Collaborate with DevOps to ensure security measures are implemented in production environments
- Automate security checks and scans in DevOps environments
What you'll be doing:
- Perform regular secure coding training with engineering teams and refine secure coding practices and standards
- Ensure deliverables and gates for security are integrated at all stages of the SDLC
- Develop and maintain documentation of Application Security controls
- Collaborate with engineering teams to ensure standard security requirements are defined and included in every product release
- Improve and implement processes for secure code reviews
- Schedule and take part in Application Security testing and threat modeling exercises
- Recommend implementation of advanced security features
- Monitor process of resolution of critical and high findings from vulnerability, SAST, DAST, and SCA scans relative to agree upon SLAs and elevate any discrepancies for remediation
- Assist engineers in assessing and remediating vulnerabilities
- Build and maintain a multi-year Product Security roadmap and align priorities for roadmap and resourcing with Product Leadership Team.
We're looking for people who have:
- Bachelor’s Degree in Computer Science or related fields, or equivalent experience
- Solid understanding of web and mobile Application Security across the SDLC
- Strong experience with secure cloud architecture and design
- Knowledge of a variety of languages across PDQ’s technical stack
- Experience with a variety of security testing tools and best practices
- Strong experience with threat modeling and analysis
- Experience implementing and securing cloudstorage and cloud infrastructure
- Understanding of common threats and attacks, as well as security protocols and standards
- Ethical hacking knowledge a plus
We need someone who can:
- Work collaboratively across multiple departments
- Handle sensitive and confidential information
- Apply strong analytical and problem-solving skills
- Exercise curiosity and seek opportunities for continued learning
- Think creatively and outside the box – think like a hacker!
- Stay up to date on latest security trends and technologies
- Communicate concepts to technical and non-technical audiences alike
Tools we use:
- Applications written in Elixir, C#, Ruby, JavaScript, Python
- Infrastructure implemented in GCP/Kubernetes
PDQ offers all of the great perks and benefits you'd expect from working at a very cool tech company, and even some you might not expect, including:
PDQ is proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, pregnancy, sexual orientation, gender identity or expression, religion, national origin, ancestry, citizenship, marital status, military or veteran status, genetic information, disability status, or any other characteristic protected by federal, provincial, state, or local law. If you would like to request reasonable accommodation for a medical condition or disability during any part of the application process, please contact hr@pdq.com.
The majority of PDQ's full-time roles do not qualify for sponsorship of employment visas such as the H-1B visa. This applies to scenarios where a candidate might possess temporary work authorization during their schooling or after graduation (e.g., CPT, OPT), but would require H-1B visa sponsorship within a few years of employment to retain eligibility for employment.
Currently, candidates who are eligible for fully remote positions can live in any of the following US states: AR, AZ, CO, CT, FL, GA, ID, IL, IN, KY, MD, MI, MN, MO, NC, NH, OK, OR, TN, TX, UT, VA, WA, WI.