Principal Application Security Engineer
Job Summary
Job Description
The Principal Application Security Engineer at Barracuda ensures the security of software and services through source code review, application security assessments, automated security solution integration, architecture review, and expert advice on security trends. Responsibilities include secure software delivery, maintaining awareness of security best practices, managing bug bounty programs, collaborating with teams on incident response, evaluating new security technologies, and providing guidance to engineering teams on secure development and vulnerability remediation. The role requires extensive experience in application security, vulnerability identification and remediation, and collaboration with development teams.
Must have:
- 7+ years experience
- Source code review (Python, PHP, Go)
- Manual application penetration testing
- Vulnerability risk assessment and mitigation
- Collaboration with development teams
- Software security best practices knowledge
- Threat modeling
- SAST/DAST/SCA experience
Good to have:
- Fuzzing experience
- Infrastructure as Code & cloud security (Azure, AWS)
- OAuth/OpenID Connect & SAML understanding
- Bug bounty program management
- Process improvement and automation
Perks:
- Equity in the form of non-qualifying options
9 skills required
Job Details
Job ID 25-439(2)
Come Join Our Passionate Team! At Barracuda, we make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level.
We are committed to a candidate selection process and work environment that is inclusive and barrier free. To ensure candidates are assessed in a fair and equitable manner, accommodations will be provided to prospective employees in accordance with the Accessibility for Ontarians with Disabilities Act (AODA) and the Ontario Human Rights Code.
Envision yourself at Barracuda
The Principal Application Security Engineer assures the safety and security of Barracuda Networks software and services through source code review, manual application security assessment, operation and integration of automated security assessment solutions, architecture review, and expert advice regarding software security trends, threats, best practices and incidents. Through assuring the safety and security of Barracuda Networks software and services, the Application Security Engineer helps to keep our customers and their data safe and secure.
Tech Stack Exposure
- A deep understanding of software security best practices and vulnerabilities, especially as they relate to web applications (e.g. OWASP Top 10)
- Experience identifying vulnerabilities in software and SaaS services
- Experience in source code review, preferably for Python, PHP and Go
- Experience in scoping and performing manual application penetration testing
- Experience in assessing the risk of identified vulnerabilities, and providing correct, robust and actionable recommendations to mitigate and/or resolve the vulnerabilities
- Experience in understanding software vulnerabilities, in finding other instances of the vulnerability across codebases, and in identifying collateral/related vulnerabilities.
- Experience in assessing the implemented resolution of a vulnerability for completeness and accuracy, and identifying bypasses for the implemented resolution
- Experience in working collaboratively with software development teams to identify vulnerabilities in all stages of software development
- Experience in communicating effectively with people of varying security proficiency and interest (fellow security professionals, engineering, and management)
- The ability to coordinate and participate in wide-scale Software Incident Security Response exercises such as the log4j response, understanding and unpacking information as incidents unfold, and in working across the organization to deliver a comprehensive "Identify, Resolve, Validate" solution
- Basic programming experience in at least one language, preferably Python or Go, and experience in automating routine tasks such as searching source code and manipulating data.
What you’ll be working on
- Ensure the secure delivery of software from design through to implementation
- Maintain awareness of software security trends, incidents, and best practices, and provide expert advice and guidance to engineering teams regarding secure development and vulnerability remediation.
- Manage Barracuda’s bug bounty programs
- Work collaboratively with the organization, including with Security, Compliance and Engineering, to understand and remediate computer and software security incidents
- Evaluate new and emerging security technologies, features, and products.
What you bring to the role
- 7+ years of experience
- The ability to perform source code review in new and unfamiliar languages using knowledge of security best practices and a willingness to read documentation
- Solutions architecture review experience, and the ability to identify opportunities and vulnerabilities early in the specification and development of software
- Threat modelling experience
- Fuzzing experience
- Experience using and integrating automated software security scanners such as SAST/DAST/SCA
- An understanding of Infrastructure as Code and cloud platform security (preferably Azure and AWS)
- An understanding of identity, authentication and authorization protocols including OAuth/OpenID Connect and SAML
- Published examples of work such as original research, vulnerability advisories, conference talks, bug bounty writeups or CTF writeups
- The ability to identify opportunities for process improvement, including automation and the authorship of software (scanners, fuzzers, helper utilities etc.)
- Experience participating in and/or managing bug bounty programs
- Experience with and/or a willingness to collaborate with other security functions such as compliance and policy, network/corporate security, security monitoring and incident response
What you’ll get from us
A team where you can voice your opinion, make an impact, and where you and your experience are valued. Internal mobility – there are opportunities for cross training and the ability to attain your next career step within Barracuda. In addition, you will receive equity, in the form of non-qualifying options.
The anticipated on-target earnings range for this role is 146,000 to 167,000. Actual compensation offered will be dependent upon the individual's skills, experience, and qualifications as they directly relate to the requirements of the position, the budget for the position, and applicable employment laws.
Similar Jobs
Next Level Business Services
Peapack And Gladstone, New Jersey, United States (On-Site)
• 3 Months ago
Varonis
Morrisville, North Carolina, United States (On-Site)
• 2 Months ago
Get notifed when new similar jobs are uploaded
Similar Skill Jobs
ByteDance
Seattle, Washington, United States (On-Site)
• 3 Months ago
ByteDance
Seattle, Washington, United States (On-Site)
• 1 Month ago
Meta
Tel Aviv-Yafo, Tel Aviv District, Israel (On-Site)
• 3 Months ago
X Studios, Inc
Winter Park, Florida, United States (On-Site)
• 5 Months ago
Go Fund Me
Buenos Aires, Buenos Aires, Argentina (Hybrid)
• 1 Month ago
Tesla
North Holland, Netherlands (On-Site)
• 1 Week ago
Get notifed when new similar jobs are uploaded
Jobs in Ontario, Canada
Spyke Games
Edmonton, Alberta, Canada (Hybrid)
• 1 Month ago
Global Step
Montreal, Quebec, Canada (On-Site)
• 3 Months ago
Unity
Montreal, Quebec, Canada (On-Site)
• 1 Month ago
Get notifed when new similar jobs are uploaded
Cyber Security Jobs
Axinous
Sahibzada Ajit Singh Nagar, Punjab, India (On-Site)
• 2 Months ago
Zeta
Bengaluru, Karnataka, India (On-Site)
• 3 Months ago
PwC
Bengaluru, Karnataka, India (On-Site)
• 3 Months ago
Canva
Brisbane, Queensland, Australia (Remote)
• 6 Days ago
PwC
Jakarta, Jakarta, Indonesia (On-Site)
• 4 Months ago
Wind River Systems
Washington, District Of Columbia, United States (Hybrid)
• 3 Months ago
PlayStation Global
Aliso Viejo, California, United States (Hybrid)
• 3 Weeks ago
Get notifed when new similar jobs are uploaded
