Kandji
Staff Security Engineer, AppSec
Kandji, San Francisco, California, United States, 94199
KandjiKandji, an automation-forward Apple device management (MDM) software, empowers secure and productive work on Mac, iPad, iOS, and tvOS devices. Free 14-day trial.
About KandjiKandji is the Apple Device Management and Security Platform. Kandji empowers companies to manage and secure Apple devices in the enterprise and at scale. By centrally securing and managing Mac, iPhone, iPad, and Apple TV devices, IT and InfoSec teams can save countless hours of manual, repetitive work with features like one-click compliance templates and more than 150 pre-built automations, apps, and workflows. Device Harmony is our vision for tearing down the wall between IT and InfoSec to keep every Apple user secure and productive, using connected intelligence and automation. By choosing a career with Kandji, you will play an integral role in contributing to making our vision a reality. Backed by world-class investors, Kandji has raised over $100+M in capital to date.
The OpportunityThe Staff Security Engineer, AppSec will play a critical role in safeguarding Kandji’s products and infrastructure by designing security programs, conducting thorough threat modeling, managing vulnerabilities, and embedding secure development practices. This role will work closely with product managers, engineering teams, and cross-functional stakeholders to ensure security is a foundational component of all our initiatives.
How you will make a difference
Threat Modeling: Lead the development of comprehensive threat models for new and existing products to identify, assess, and mitigate security risks.
Vulnerability Management: Establish and manage a vulnerability management lifecycle for our applications, ensuring timely detection, reporting, and remediation of security vulnerabilities.
Security Programs: Design and implement application security programs focused on building security into the software development lifecycle (SDLC) and establishing secure coding practices.
Collaboration with Engineering: Partner with product and engineering teams to integrate security requirements into architectural designs and development processes.
Security Audits & Assessments: Conduct regular security assessments of applications and infrastructure, focusing on identifying areas of weakness and recommending actionable improvements.
Security Incident Response: Support the incident response team in application-related security incidents by providing expertise on containment, eradication, and post-incident analysis.
Security Awareness: Mentor and coach engineering teams on security best practices and create security awareness initiatives tailored to the development environment.
Automation & Tooling: Drive the adoption of security automation, including code scanning, security testing, and CI/CD pipeline integration to streamline security processes.
We’d love to hear from you if you have
Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.
8+ years of experience in application security, preferably within a SaaS environment.
Strong proficiency in threat modeling, secure coding practices, vulnerability management, and incident response.
Hands-on experience with security tools such as static/dynamic analysis tools (SAST, DAST), penetration testing tools, and CI/CD pipeline integration.
Familiarity with modern programming languages (e.g., Python, JavaScript, Go) and cloud platforms (e.g., AWS, GCP, Azure).
Industry certifications such as CISSP, OSCP, or CEH are a plus.
Required to work on-site 3 days a week (Tuesday, Wednesday, Thursday). Managers may require additional on-site days.
Competencies
Technical Leadership: Demonstrated ability to lead and guide teams in the development and execution of security initiatives.
Threat Analysis: Strong understanding of threat modeling techniques, application security risks (OWASP Top Ten), and secure coding practices.
Risk Management: Expertise in managing security vulnerabilities and threats through identification, prioritization, and mitigation strategies.
Communication: Excellent communication skills to effectively collaborate with cross-functional teams, present complex security concepts, and advocate for secure design practices.
Innovation & Problem Solving: Creative thinker with the ability to develop novel security solutions in response to emerging threats and vulnerabilities.
Continuous Improvement: Strong commitment to staying up-to-date with evolving security standards and best practices, and a passion for continuous learning and improvement.
Benefits & Perks• Competitive salary• 100% individual and dependent medical + dental + vision coverage• 401(k) with a 4% company match• 20 days PTO• 14 paid holidays per year• 10 health and wellness days per year• Kandji Wellness Week Off July 1 - July 5, 2024• Equity for full-time employees• 12 weeks of paid leave for new parents• Paid Family and Medical Leave• Modern Health - Mental Health Benefits - Individual and Dependents• Monthly Utilities stipend• Gym Membership• Lunch 3 Days/Week• Exciting opportunities for career growth• An outstanding, inclusive culture
At Kandji, we believe in fostering an inclusive environment in which employees feel encouraged to share their unique perspectives, leverage their strengths, and act authentically. We know that diverse teams are strong teams and welcome those from all backgrounds and varying experiences.
Kandji is proud to be an equal opportunity employer committed to diversity and inclusion in the workplace. Qualified applicants will be considered for employment without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity, physical or mental disability, protected veteran or military status, or any other status protected by applicable law.
#J-18808-Ljbffr
About KandjiKandji is the Apple Device Management and Security Platform. Kandji empowers companies to manage and secure Apple devices in the enterprise and at scale. By centrally securing and managing Mac, iPhone, iPad, and Apple TV devices, IT and InfoSec teams can save countless hours of manual, repetitive work with features like one-click compliance templates and more than 150 pre-built automations, apps, and workflows. Device Harmony is our vision for tearing down the wall between IT and InfoSec to keep every Apple user secure and productive, using connected intelligence and automation. By choosing a career with Kandji, you will play an integral role in contributing to making our vision a reality. Backed by world-class investors, Kandji has raised over $100+M in capital to date.
The OpportunityThe Staff Security Engineer, AppSec will play a critical role in safeguarding Kandji’s products and infrastructure by designing security programs, conducting thorough threat modeling, managing vulnerabilities, and embedding secure development practices. This role will work closely with product managers, engineering teams, and cross-functional stakeholders to ensure security is a foundational component of all our initiatives.
How you will make a difference
Threat Modeling: Lead the development of comprehensive threat models for new and existing products to identify, assess, and mitigate security risks.
Vulnerability Management: Establish and manage a vulnerability management lifecycle for our applications, ensuring timely detection, reporting, and remediation of security vulnerabilities.
Security Programs: Design and implement application security programs focused on building security into the software development lifecycle (SDLC) and establishing secure coding practices.
Collaboration with Engineering: Partner with product and engineering teams to integrate security requirements into architectural designs and development processes.
Security Audits & Assessments: Conduct regular security assessments of applications and infrastructure, focusing on identifying areas of weakness and recommending actionable improvements.
Security Incident Response: Support the incident response team in application-related security incidents by providing expertise on containment, eradication, and post-incident analysis.
Security Awareness: Mentor and coach engineering teams on security best practices and create security awareness initiatives tailored to the development environment.
Automation & Tooling: Drive the adoption of security automation, including code scanning, security testing, and CI/CD pipeline integration to streamline security processes.
We’d love to hear from you if you have
Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.
8+ years of experience in application security, preferably within a SaaS environment.
Strong proficiency in threat modeling, secure coding practices, vulnerability management, and incident response.
Hands-on experience with security tools such as static/dynamic analysis tools (SAST, DAST), penetration testing tools, and CI/CD pipeline integration.
Familiarity with modern programming languages (e.g., Python, JavaScript, Go) and cloud platforms (e.g., AWS, GCP, Azure).
Industry certifications such as CISSP, OSCP, or CEH are a plus.
Required to work on-site 3 days a week (Tuesday, Wednesday, Thursday). Managers may require additional on-site days.
Competencies
Technical Leadership: Demonstrated ability to lead and guide teams in the development and execution of security initiatives.
Threat Analysis: Strong understanding of threat modeling techniques, application security risks (OWASP Top Ten), and secure coding practices.
Risk Management: Expertise in managing security vulnerabilities and threats through identification, prioritization, and mitigation strategies.
Communication: Excellent communication skills to effectively collaborate with cross-functional teams, present complex security concepts, and advocate for secure design practices.
Innovation & Problem Solving: Creative thinker with the ability to develop novel security solutions in response to emerging threats and vulnerabilities.
Continuous Improvement: Strong commitment to staying up-to-date with evolving security standards and best practices, and a passion for continuous learning and improvement.
Benefits & Perks• Competitive salary• 100% individual and dependent medical + dental + vision coverage• 401(k) with a 4% company match• 20 days PTO• 14 paid holidays per year• 10 health and wellness days per year• Kandji Wellness Week Off July 1 - July 5, 2024• Equity for full-time employees• 12 weeks of paid leave for new parents• Paid Family and Medical Leave• Modern Health - Mental Health Benefits - Individual and Dependents• Monthly Utilities stipend• Gym Membership• Lunch 3 Days/Week• Exciting opportunities for career growth• An outstanding, inclusive culture
At Kandji, we believe in fostering an inclusive environment in which employees feel encouraged to share their unique perspectives, leverage their strengths, and act authentically. We know that diverse teams are strong teams and welcome those from all backgrounds and varying experiences.
Kandji is proud to be an equal opportunity employer committed to diversity and inclusion in the workplace. Qualified applicants will be considered for employment without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity, physical or mental disability, protected veteran or military status, or any other status protected by applicable law.
#J-18808-Ljbffr