Application Security Engineer, Duo Security

Duo Security, now a part of Cisco, is the leading provider of Trusted Access security and multi-factor authentication delivered through the cloud.

Duo's mission is to make security simple for everyone. We were born from a hacker ethos and a desire to make the Internet a secure place. We believe in empowering people to follow their passions inside and outside of the office and enable every employee to bring their whole self to work.

Our team is our secret weapon. We run the spectrum from artists to analysts, low-key to high energy, and bring together a diversity of skill sets, experiences, and perspectives to solve what we consider to be the world's most pressing geopolitical challenge — transforming the security industry as we know it. Together we build solutions that are easy, effective, trustworthy, and enduring. And that's why we are the most loved and trusted company in security.

Whatyou'lldo…

• Perform security activities, including security design reviews, threat modeling, code auditing, and security assessments on internally & externally developed software.
• Support product security issue triage, help lead 3rd-party security assessments, provide ad-hoc technical security expertise to product, sales, & engineering teammates.
• Build and maintain application security development policies, procedures & standards.

Skillsyouhave…

• You have a deep understanding of many vulnerability classes impacting a variety of languages, with an expertise towards Python, Javascript, Java, C, C#, and Objective-C.
• You have the ability to quickly learn new things and take on new challenges. You're flexible and a creative problem solver.
• You're comfortable manually auditing code for vulnerabilities, using static & dynamic code analysis tools, building custom security tools, and bootstrapping test environments.
• You understand security engineering principles, and how to seriously consider when a “best practice” may not be, in fact, the best choice or positively impact actual security.

3Reasonswhyyoushouldapply…

• You're excited to be part of building an ever-maturing application security program that covers the Security Development Lifecycle, from training through incident response.
• You love to communicate in a friendly, encouraging manner with software engineers, helping to not only identify security issues, but also mentor and advocate on solutions.
• You're passionate about security, but understand each control or process has a “cost” that must be thought about critically, and from the point-of-view of many partners.

This job may not be for you if….

• You only find excitement in breaking software. This role requires a broad participation in realizing a best-in-class application security program that demonstrates many talents at once.
• Getting work done quickly is more important than how you present that work. We pride ourselves in detail-oriented, well-written communications -- whether on reports or email.
• You don't enjoy self-management of many tasks of various priority levels that can shift day-to-day. We value accountability of work that spans across tactical & strategic goals.

Duo is committed to cultivating and preserving a culture of inclusion and connectedness. We are able to grow and learn better together with a diverse team of employees. The collective sum of the individual differences, life experiences, knowledge, innovation, self-expression, and talent that our employees invest in their work represents not only part of our culture, but our reputation and Duo's achievement as well. In recruiting for our team, we welcome the unique contributions that all potential candidates can bring in terms of their education, opinions, culture, ethnicity, race, gender identity and expression, nationality, age, languages spoken, veteran's status, religion, disability, sexual orientation and beliefs.

And if this role is exciting you, we encourage you to apply even if you don't meet all 100% of the description or qualifications. Finally and most importantly, we are a proud Equal Opportunity Employer.