At BlueJeans Network, our mission is to make video communications as easy and pervasive as audio communications, enabling more effective collaboration at work, at home, and on the road. Our cloud-based conferencing service makes this possible by enabling customers from small companies to Fortune 500 enterprises to universities, healthcare, financial and other industries to connect with each other seamlessly anytime, anywhere and from practically any device to conduct mission-critical business meetings.
As a Senior Engineer of Information Security, you will work with a global security team that keeps our enterprise-class cloud service secure from a variety of threats. We are looking for an individual contributor who is passionate about information security and will help create a security-conscious culture across the entire company. You will work closely with Engineering teams to build security into the product early in the SDLC. You will also help with Operational Security, which includes interpreting results from periodic vulnerability scans of the corporate and data center infrastructure, monitoring application security using Log Analysis or SIEM tools, coordinating and triaging quarterly penetration test results on the product, and identifying actionable incidents to address in the infrastructure and in the product.
Be a member of our global security engineering team responsible for securing our cloud service
Engage early on with Engineering teams in the software development lifecycle (SDLC) to ensure that designs and implementations follow security best practices
Think like a hacker and have a keen eye for spotting STRIDE-based vulnerabilities in design and implementations
Perform Proof of Concept for Security features working closely with the engineering teams and proactively follow through to successful implementation in the product
Utilize vulnerability scanning and application/infrastructure monitoring tools effectively to improve the Organization’s security posture
Coordinate internal and 3rd party app security, penetration testing and bug bounty programs. Reproduce reported security bugs and work with Engineering to address them in a timely manner without side effects
Work closely with Operations, IT, Support and Engineering teams to monitor and remediate security incidents
Participate in compliance efforts when necessary
Assist Sales and Sales Engineering with RFP responses related to product security
Be a role model to create a culture of security in the company
Previous experience as a Security Engineer in an Enterprise SaaS-based products company
Bachelor’s degree with programming experience in C/C++, Java or Ruby
Good understanding of Transport Layer protocols such as TCP/TLS and Application layer protocols such as HTTP and SIP.
5+ years of software development experience with security focus or as an application security engineer
An out-of-the-box thinker who can come up with good threat models for a design and misuse cases to validate it
Good communication skills to work effectively with cross-functional teams involving Engineering, Support, Operations, Program Management and IT, especially when leading an emergency patch development and deployment
Good understanding of the latest OWASP Top 10 and SANS Top 25 vulnerabilities and the corresponding mitigation techniques
Higher level knowledge of Networking and Perimeter devices such as F/W, Load Balancers, Routers and Content Filters.
Knowledge of deploying applications in a Co-located data center or Cloud infrastructures such as AWS/Azure will be a plus
Ability to maintain a flexible work schedule to enable interactions across multiple time zones with remote teams is a must
Hands-on experience with tools from 3rd party vendors such as Rapid7, Qualys, Whitehat and/or open source tools such as Nessus, Metasploit, Burp Suite and Nmap will be a plus
Exposure to compliance certifications such as SOC2 or ISO 27001 will be a plus