This job listing has expired and the position may no longer be open for hire.

Security Engineer at FireMon

Posted in Other 30+ days ago.

Type: Full Time
Location: Overland Park, Kansas





Job Description:

About FireMon

As a thought leader in a space we invented, FireMon is paving the way in the cybersecurity industry across the globe. At FireMon, you'll find a disruptive, cutting-edge environment. It's a place where being proactive is rewarded and each day is more innovative than the last. This drive permeates everything we do - from how we develop our products to how we engage with our customers and how we get things done.

One of the biggest benefits of working with a groundbreaking company like FireMon is the huge impact employees have on the overall product and business. Each person's work directly affects the outcome of the finalized product and success of the business. Additionally, you can voice your ideas and collaborate across departments to learn new aspects of the company. Since we are securely backed by some of the savviest investors in the industry, you get the security of an established organization but at the same time get to experience the agility and autonomy of a smaller company.

Security is core to FireMon's mission and critical to how we build our products from inception and design to release. This role will help FireMon maintain security at speed and scale. Our Security Engineer will help us deliver on our mission by helping to design, build, deploy, and maintain secure products. As a member of the Product Development team, the Security Engineer will work with an internal team of software developers, testers, and product managers to improve and evangelize security practices, processes, and tools, including development security, secure SDLC, security testing, and secure coding standards. The Security Engineer will also develop and integrate security tooling and best practices in the secure SDLC and CI/CD pipeline.

Key Responsibilities:
- Recommend secure design techniques to management to improve application security posture
- Perform or support penetration testing as required for new or updated applications
- Work with engineering leaders to define a Secure Software Development Lifecycle (SSDLC)
- Develop training programs to ensure all engineers are trained on the basics of secure coding and understand the Secure Software Development Lifecycle
- Develop creative ways to support the development team's growth and learning around our standard security processes
- Facilitate adoption of tools and standards which continuously improve security posture and integrate into CI/CD pipeline
- Define and implement process for regularly scanning releases for new vulnerabilities
- Work with engineering leadership to ensure vulnerabilities are resolved in a timely manner
- Develop a way to inform customers about new vulnerabilities and the timeline for patches
- Define and implement process for performing STIG certifications on a quarterly basis and working with the engineers to address non-conformance
- Keep team abreast of relevant zero-day vulnerabilities and security trends which could impact our business
- Collaborate and advise engineering teams on building authentication, authorization, and encryption solutions
- Develop and report metrics measuring the state of the security program
- Research emerging technologies and maintain awareness of current security risks

Requirements:
- Minimum 5 years of experience in the information security field
- BS in Software Engineering or related field
- In-depth knowledge of OS, backend and web application vulnerabilities and ability to articulate impacts to technical and business teams
- Experience with performing threat modeling and designing secure mobile application architecture
- Experience with creating and supporting a Secure Software Development Lifecycle (SSDLC)
- Experience with dynamic and static web application testing tools
- Strong knowledge of securing cloud infrastructure (i.e., AWS, GCP)
- Knowledge of application security risk assessment process
- Experience implementing tools that check for OWASP Top 10
- Experience with software security frameworks and maturity models (BSIMM, OpenSAMM, etc.)
- Strong understanding and ability to solve security issues like XSS, CSRF, SQL Injection, Brute Force Attacks, Session Fixation, etc.
- Fluent in multiple scripting and programming languages
- Solid analytical and problem-solving ability
- Experience with Version Control software
- Experience with GDPR compliance is a plus
- Relevant cybersecurity certifications are a plus (e.g., GWEB, GWAPT, GSEC)
- Self-starter with an aptitude for learning new technologies
- Excellent verbal and written communication skills
- Strong organizational skills and attention to detail

What it Takes to be Part of the FireMon Team

FireMon provides persistent network security for hybrid environments through a powerful fusion of real-time asset visibility, continuous compliance and automation. Since creating the first-ever network security policy management solution, FireMon has delivered command and control over complex network security infrastructures for more than 1,700 customers.

Our customers have unique and complex security problems that are difficult to solve. This doesn't intimidate us, it inspires us. It pushes us to be more creative and find solutions to ensure their success. If this sounds like a movement you'd be interested in joining, we invite you to apply today.

EEO/AA/Minorities/Females/Disabled/Veterans.
