Senior Application Security Engineer - FedRAMP
Company: Rubrik
Location: Madison
Posted on: May 4, 2024
Job Description:
Company Description
Rubrik is one of the fastest growing companies in Silicon Valley,
revolutionizing data protection and management in the emerging
multi-cloud world. We are the leader in cloud data management and
have raised over $553 million in venture funding, most recently at
a valuation of $3.3 billion. Rubrik has been recognized as a Forbes
Cloud 100 Company two years in a row and as a LinkedIn Top 10
startup. As cloud adoption continues to grow at an astounding rate,
we'll be solving some of its most interesting challenges while
building a product unlike anything seen before. This is a massive
challenge and we're just getting started so there is a lot of
opportunity for personal growth and contribution.
Information Security - Who We Are
The Information Security organization advances the overall state of
security at Rubrik through critical initiatives and coordination of
large security projects. Information Security builds technologies,
tools, and processes to better enable teams at Rubrik to develop
secure software and protect data and systems with appropriate
security controls. Information Security also develops systems to
monitor and respond to attacks against our assets, provides
awareness education to teams on security best practices for data
protection, and ensures data governance and data sharing
relationships with third parties in order to securely protect
Rubrik information.
Where can you make an impact?
Rubrik is seeking a Senior Application Security Engineer. In this
role, you will be responsible for ensuring that Rubrik's products
and services are designed and implemented to the highest possible
security standards. You will partner with a variety of stakeholders
across the business to achieve successful security outcomes in
product and feature deliverables.
Responsibilities:
Actively participate in integrating security controls and practices
into the SDLC and collaborate with Engineering to embed security
into every phase of the development process.
Perform security assessments of applications, identifying
vulnerabilities and weaknesses through both automated and manual
testing techniques.
Remediate security issues identified during assessments and
collaborate with Engineering teams to implement effective fixes and
countermeasures.
Design and implement in-house security tools that will enhance
security detection capabilities to provide our Engineering partners
with high fidelity findings and actionable insights.
Monitor emerging trends and developments in the application
security space, including tools, technologies and best practices to
guard against emerging threats and vulnerabilities.
Collaborate with compliance teams to ensure that application
security practices adhere to FedRAMP requirements and, where
necessary, implement controls, documentation and processes
in support of maintaining compliance.
Participate in the annual audit process by providing documentation,
evidence and expertise related to Rubrik's application security
practices.
Work with development teams, operations, governance, and other
stakeholders to document security guidance, processes and standards
for Rubrik products and services
Coordinate penetration testing / bug bounty programs and support
the remediation effort
Ideal Background:
Bachelor's degree required; BS or MS in Computer Science,
Information Technology, or a related field
8+ years' experience in application security, with experience
across SDLC activities such as threat modeling, secure code review,
vulnerability management, and penetration testing
Prior experience working in environments with NIST 800-53, NIST
800-171 controls or FedRAMP requirements
Knowledge of regulatory guidelines and standards such as FedRAMP,
SOC2, ISO 27001.
Broad knowledge of web, application, and cloud attack vectors and
exploits
Comprehension of multiple programming languages (Python, Go, Scala,
C/C++, JavaScript/TypeScript)
Experience with Bazel or similar build systems for secure build
processes and dependency management in application development
Working experience with CI/CD pipelines, containerization
(Kubernetes, Docker, etc.) and microservices
Experience with deploying and securing SaaS applications and cloud
environments at scale
Deep security subject matter expertise in at least one major public
cloud provider (AWS, GCP, Azure)
Understanding of application security maturity model frameworks and
how to apply them
Team player with a can-do attitude and the ability to establish
priorities, deal with conflicts, work independently and proceed
with objectives
Ability to lead, guide and manage Application Security services and
deliver on security outcomes and achieve objectives.
A self-starter with excellent critical thinking and problem solving
skills
Strong written and verbal communication skills
Security and Privacy Responsibilities:
This position carries special Security and Privacy Responsibilities
for protecting the U.S. Federal Government's interests:
Know, acknowledge, and follow system-specific security policies and
procedures;
Protect data and individual privacy per requirements and
regulations;
Perform ongoing activities in compliance with service and
contractual obligations;
Participate in role-based training, completing assignments on a
timely basis;
Report security issues promptly, and aid investigation when
needed;
Support controlled changes and vulnerability remediation
activities; and
Work collaboratively with Information Security in designing,
implementing, assessing or enhancing system-specific security and
privacy controls.
Position Risk Designation:
This position carries duties and responsibilities involving the
U.S. Federal Government's interests. The selected incumbent may be
subject to one or both of the additional background checks with
periodic re-screening as noted below:
Position Risk Designation: Non-Sensitive, Low Risk, Tier 1
Incumbents without access to U.S. Government data may be required
to complete Standard Form 85 and undergo a Tier 1 Investigation
(T1) for non-sensitive positions of Low Risk. (Baseline screening;
formerly National Agency Check and Inquiries (NACI)).
Position Risk Designation: Non-Sensitive, Moderate Risk, Tier 2
(Public Trust)
Incumbents with access to U.S. Government data may be required to
complete Standard Form 85P and undergo Tier 2 (T2) Investigation
for non-sensitive positions designated Moderate Risk.
Position Risk Designation: Moderate Risk Law Enforcement (CJIS)
When hired for a position where access to Moderate Risk criminal
justice information is required, the employee must complete a
fingerprint-based national criminal history background check within
30 days after the employee's start date.
The minimum and maximum base salaries for this role are posted
below; additionally, the role is eligible for bonus potential,
equity and benefits. The range displayed reflects the minimum and
maximum target for new hire salaries for the role based on U.S.
location. Within the range, the salary offered will be determined
by work location and additional factors, including job-related
skills, experience, and relevant education or training.
US Pay Range
$154,800-$258,000 USD
US (SF Bay Area, DC Metro, NYC) Pay Range
$172,000-$258,000 USD
US2 (all other US offices/remote) Pay Range
$154,800-$232,200 USD
About Rubrik:
Rubrik is on a mission to secure the world's data. With Zero Trust
Data Security™, Rubrik helps organizations achieve business
resilience against cyberattacks, malicious insiders, and
operational disruptions. Rubrik Security Cloud, powered by machine
learning, secures data across enterprise, cloud, and SaaS
applications. Rubrik helps organizations uphold data integrity,
deliver data availability that withstands adverse conditions,
continuously monitor data risks and threats, and restore businesses
with their data when infrastructure is attacked.
LinkedIn (https://www.linkedin.com/company/rubrik-inc/mycompany/verification/)
- Twitter (https://twitter.com/rubrikinc)
- Instagram (https://www.instagram.com/rubrikinc/)
- Rubrik.com
Diversity, Equity & Inclusion @ Rubrik
At Rubrik we are committed to building and sustaining a culture
where people of all backgrounds are valued, know they belong, and
believe they can succeed here.
Rubrik's goal is to hire and promote the best person for the job,
no matter their background. In doing so, Rubrik is committed to
correcting systemic processes and cultural norms that have
prevented equal representation. This means we review our current
efforts with the intent to offer fair hiring, promotion, and
compensation opportunities to people from historically
underrepresented communities, and strive to create a company
culture where all employees feel they can bring their authentic
selves to work and be successful.
Our DEI strategy focuses on three core areas of our business and
culture:
Our Company: Build a diverse company that provides equitable access
to growth and success for all employees globally.
Our Culture: Create an inclusive environment where authenticity
thrives and people of all backgrounds feel like they belong.
Our Communities: Expand our commitment to diversity, equity, &
inclusion within and beyond our company walls to invest in future
generations of underrepresented talent and bring innovation to our
clients.
Equal Opportunity Employer/Veterans/Disabled
Rubrik is an Equal Opportunity Employer. All qualified applicants
will receive consideration for employment without regard to race,
color, religion, sex, sexual orientation, gender identity, national
origin, or protected veteran status and will not be discriminated
against on the basis of disability.
Rubrik provides equal employment opportunities (EEO) to all
employees and applicants for employment without regard to race,
color, religion, sex, national origin, age, disability or genetics.
In addition to federal law requirements, Rubrik complies with
applicable state and local laws governing nondiscrimination in
employment in every location in which the company has facilities.
This policy applies to all terms and conditions of employment,
including recruiting, hiring, placement, promotion, termination,
layoff, recall, transfer, leaves of absence, compensation and
training.
Federal law requires employers to provide reasonable accommodation
to qualified individuals with disabilities. Please contact us at
hr@rubrik.com if you require a reasonable accommodation to apply
for a job or to perform your job. Examples of reasonable
accommodation include making a change to the application process or
work procedures, providing documents in an alternate format, using
a sign language interpreter, or using specialized equipment.
EEO IS THE LAW
(https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/eeopost.pdf)
EEO IS THE LAW - POSTER SUPPLEMENT
PAY TRANSPARENCY NONDISCRIMINATION PROVISION
(https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_English_unformattedESQA508c.pdf)
NOTIFICATION OF EMPLOYEE RIGHTS UNDER FEDERAL LABOR LAWS
Keywords: Rubrik, Madison, Senior Application Security Engineer - FedRAMP, Engineering, Madison, Wisconsin