Sr. Security Engineer - AppSec
6sense
Our Mission:
6sense is on a mission to revolutionize how B2B organizations create revenue by predicting customers most likely to buy and recommending the best course of action to engage anonymous buying teams. 6sense Revenue AI is the only sales and marketing platform to unlock the ability to create, manage and convert high-quality pipeline to revenue.
Our People:
People are the heart and soul of 6sense. We serve with passion and purpose. We live by our Being 6sense values of Accountability, Growth Mindset, Integrity, Fun and One Team. Every 6sensor plays a part in defining the future of our industry-leading technology. 6sense is a place where difference-makers roll up their sleeves, take risks, act with integrity, and measure success by the value we create for our customers.
We want 6sense to be the best chapter of your career.
Purpose of the Job :
As members of 6sense’s Security department, the Security Engineering team protects the platform. Application Security Engineers work closely with engineering teams, product managers (PM), and third-party entities to ensure that 6sense products are secure.
Responsibilities & Accountabilities :
- Ensure that application security tools are configured to provide appropriate coverage based on the Vulnerability Management Policy and Standard
- Track and report status of vulnerabilities based on severity and SLA, escalating as needed
- Build dashboards and filters to surface vulnerability data to the right teams
- Support and consult with engineering and product teams around application security vulnerabilities
- Assist teams in reproducing, triaging, and addressing application security vulnerabilities identified through Pen Testing, SAST, DAST, or Dependency scans
- Support the and evolve the bug bounty program
- Lead in development of automated security testing to validate that secure coding best practices are being used
- Lead application security reviews and threat modeling, including code review and dynamic testing
- Facilitate secure development training with Engineering teams
- Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area
- Design and execute quarterly (O)KRs
Performance Measurement :
- Understands the 6sense product and platform in depth
- Takes the lead in identifying, triaging, and managing security issues
- Participates in weekly 1:1s with manager and monthly skip levels
- Adheres to deadlines and sets a professional tone among other engineers
- Establishes routines to ensure updates are made to handbook pages, runbooks, workflows and dashboards
Educational and Experience Requirements :
- 5+ years of experience in information security, with a focus on all aspects of application security, including threat modeling and developer training
- Familiarity and ability to explain common security flaws and ways to remediate them (e.g. OWASP Top 10)
- A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS protocols)
- Some development or scripting experience and skills in Python or JavaScript
- Experience with security tools (e.g., Vulnerability Scanners, SAST/DAST, DevOps software, AWS cloud security tooling)
- Excellent communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner
- Experience working directly with software developers to improve code security
- Strong understanding and practical experience with common security libraries, security controls, and common security flaws
Preferred Qualifications :
- Bachelor's degree in a related field
- Relevant industry certifications, such as AWS, CNCF, and GIAC are highly desirable
Competencies and Behaviors :
- Able to establish credibility among Engineering counterparts.
- Maintains a professional, outcome focused demeanor.
- Advocates for application security best practices.
- Works to maintain and improve overall company security posture.
- Drives tasks to completion by following up on questions, deadlines, and requests for input.
- Maintains accuracy of information.
- Effective prioritization and escalation to management.
Our Benefits:
Full-time employees can take advantage of health coverage, paid parental leave, generous paid time-off and holidays, quarterly self-care days off, and stock options. We’ll make sure you have the equipment and support you need to work and connect with your teams, at home or in one of our offices.
We have a growth mindset culture that is represented in all that we do, from onboarding through to numerous learning and development initiatives including access to our LinkedIn Learning platform. Employee well-being is also top of mind for us. We host quarterly wellness education sessions to encourage self care and personal growth. From wellness days to ERG-hosted events, we celebrate and energize all 6sense employees and their backgrounds.
Equal Opportunity Employer:
6sense is an Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to jobs@6sense.com.
We are aware of recruiting impersonation attempts that are not affiliated with 6sense in any way. All email communications from 6sense will originate from the @6sense.com domain. We will not initially contact you via text message and will never request payments. If you are uncertain whether you have been contacted by an official 6sense employee, reach out to jobs@6sense.com