Software Security Engineer (SaaS)
Aravo was founded in 2000 to bring order to the complex, chaotic world of enterprise Third Party Risk Management. We deliver market-leading SaaS solutions for managing third-party compliance and risk that help Global 2000 companies protect their brand, build customer trust, and drive principled performance. We have a notable and growing customer base of some of the biggest and most respected brands in the world including Google, Accenture, BHP Billiton, BAE Systems, Cisco Systems, GE, Lloyds Bank, Pfizer, P&G, Unilever and Visa.
Working for Aravo is working with purpose. We’re a team that takes pride in delivering excellent products that really make a difference and we enjoy providing exceptional service to our clients. We’re smart, collaborative and solutions driven. We know what we do helps serve a greater purpose by providing solutions that help eradicate corruption and social injustice from the world’s supply chains and third party networks. We feel really good about that.
Aravo is headquartered in San Francisco, with offices and partners across the US, Europe and Asia.
Aravo is growing fast and recognizes the importance of building a world-class client team to fuel our continued success. With significant investment and strong new leadership to expand our business, it’s a tremendous time to be joining the Aravo team. In this role you’ll have the opportunity to:
- Support our clients who are building and managing world-class third party risk management programs by maximizing the value of their investment in the Aravo platform
- Provide a valued voice, where ideas and creative approaches are welcomed
- Feel a sense of accomplishment as you are empowered to deliver in a dynamic, fun and fast-paced environment
- Celebrate successes and grow with us!
As a Security Engineer, you will analyze software designs and implementations from a security perspective, and identify and resolve security issues. You will apply the appropriate security analysis, defenses and countermeasures at each phase of the software development lifecycle to produce robust and reliable software.
- Implement, test, and operate advanced software security techniques in compliance with technical reference architecture
- Perform on-going security testing and code review to improve software security
- Troubleshoot and debug issues that arise
- Provide engineering designs for new software solutions to help mitigate security vulnerabilities
- Contribute to all levels of the architecture
- Maintain technical documentation
- Consult team members on secure coding practices
- Develop, maintain, and report quality metrics on application vulnerability status, trends, and level of risk
- Create training or informational materials for development teams on common application vulnerability types (e.g., threats posed, causes, fixes and avoidance, and testing) and on Secure Software Development framework or best practices
- Import and analyze static code analysis reports for internally developed applications
- Develop and implement automation to eliminate entire classes of weaknesses across the organization
- Stay up to date and informed on changing IT and information security trends, new tools, and best practices
- Proven work experience as a software security engineer
- Experience with Spring, Angular
- Experience with static and dynamic code analysis tools; must have experience with at least two of the following: BurpSuite, Qualys, Acunetix, AppScan, Cenzic, WebInspect, Fortify, Veracode
- Experience with attacks and mitigation methods, with experience in two or more of the following: network protocols and secure network design, operating system internals and hardening (e.g., Windows, Linux, OS X, Android), web application and browser security, security assessments and penetration testing, authentication and access control, applied cryptography and security protocols, security monitoring and intrusion detection, incident response and forensics, development of security tools, automation or frameworks
- Experience with security over full stack or application
- BS degree in Computer Science or related field
- A deep understanding of both SOAP and RESTful APIs
- A deep understanding of Security frameworks and regulations (OWASP, PCI)
- An understanding of OAuth and SAML protocols
- Familiarity with application layer risks, attacks, security principles and application security industry resources such as OWASP
- Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
- Adequate knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures) and of network/web related protocols
- Interest in all aspects of security research and development
- Understanding of software development life cycles, team development experience
- Understand existing design and code implementations of storage devices
- Source Code Review (Automated and Manual)
- Strong understanding of transport level encryption
- An understanding of application reverse engineering
- 100% individual contributor
- Understanding of continuous integration methodology and experience with associated tools
- Experience with web and application servers such as Tomcat
- Medical, Dental, Vision Insurance
- 401k Matching
- Competitive Compensation
- Work with leaders in the industry, opportunities to learn and grow every day
- …and many more!