The name ThousandEyes was born from two big ideas: the power to see things not ordinarily possible and the ability to collect insights from a multitude of vantage points. As organizations rely more on cloud services and the Internet, the network has become a black box they can't understand. ThousandEyes gives organizations visibility into the now borderless network, arming them with an accurate understanding of how the network impacts their applications, users and customers. ThousandEyes is used by some of the world's largest and fastest growing brands, including all of the top 5 global software companies, 5 of the top 6 US banks, and 45 of the Fortune 500. ThousandEyes is backed by Sequoia Capital, Sutter Hill Ventures, Tenaya Capital, Google Ventures and Salesforce Ventures, with headquarters in San Francisco, CA.
About the Role
The Information Security Engineer (Applications Security) is responsible for security in our software development process, risk assessment based on application, data, and technology architectures; for solution design and information security policy development and maintenance; for awareness activities and monitoring compliance with company security policy and applicable law; for coordinating investigation and reporting of security incidents. The Information Security Engineer will also monitor, assess, and apply corrective actions to the business continuity and disaster recovery program and contribute to information security projects to protect company information assets. This position combines project-based work and operational assignments.
- Proactively assesses potential risks and vulnerability in the company applications.
- Report & document the potential flaws to the proper teams for them to be solved including proposed solutions whenever possible.
- Describe, discuss & document in detail to sustain the flaws in case there's an misunderstanding from the target team.
- Architect, develop, deploy and support software solutions to common requirements detected within the team.
- Assist with enterprise-wide risk assessment processes and specifically with applications security assessments
- Coordinate cross-functional team meetings to remediate previously identified security risks and close out pending action plans
- At least 3 years of experience in Web Software Development
- BS or MS degree in Computer Science (or equivalent)
- Practical use and implementation of information security principles and practices
- Understanding of IT methodologies, such as software development lifecycle and operations
- Java, Spring Core, Data, Web & Security
- Angular, Vue or React
- SQL, HTTP, REST, Git, Gradle or Maven, Scrum
- Authentication, Authorization, Encryption
Nice To Have:
- Experience in security in software development lifecycle
- Experience in Web applications security and OWASP
- Spring Boot, Webpack, Burp Suite, C++, Linux, LAN and WAN, Firewalls, Access controls, IPS, Digital Certificates, SSL, VPN, TCP/IP, DNS and web security architecture, Proxy services.
- Jenkins, IntelliJ, Swagger, Grafana, Prometheus, Postman, bash, c++, gRpc, d3, es6, scss...