Ping Identity - Product Security Engineer - Federal
Requirements
• Ability to meet U.S. citizenship and residency eligibility requirements associated with supporting FedRAMP-regulated environments.
• 2+ years of application security experience across areas such as API Security, Web Application Security, Enterprise Application Security, and Mobile Application Security
• 3+ years of developing commercial software products
• Hands-on experience working with Secure Software Development Lifecycle (SSDLC) security tooling, such as source code scanning tools (SAST) and third-party dependency or software composition analysis (SCA)
• Strong understanding of modern authentication and identity standards, including OAuth 2.0, OpenID Connect (OIDC), and SAML
• Ability to review application code for security vulnerabilities, ideally in Java or Go
• Experience identifying and mitigating vulnerabilities aligned with OWASP Top 10
• Familiarity with cloud-native application environments, including Google Cloud Platform (GCP) or AWS, and containerized platforms such as Docker and Kubernetes
• Understanding of networking protocols and modern data center architecture
• Exceptional problem-solving skills, curiosity about the inner workings of systems, and strong attention to detail and documentation
• Experience in security and compliance for FedRAMP solutions, including understanding of NIST, DoD, and related security standards
• Security certifications such as CISSP, CSSLP, GIAC, or OSCP
• Experience with Linux environments, administration, security, internals
• Experience with identity and access management (e.g. OAuth 2.0, OpenID Connect, SAML 2.0, Active Directory, 2FA/MFA, LDAP, SCIM, FAPI, OpenBanking)
• Experience with CI/CD in Federal or US government cloud deployment (e.g., AWS GovCloud, Azure, or GCP)
• Experience with Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, or Ansible
• Experience in vulnerability management measurement, reporting, and remediation
Responsibilities
• Own multiple Security Engineering assignments working with Ping Identity products, processes, and tooling
• Assist in proposing, developing, and improving Secure Software Development Lifecycle (SSDLC) practices alongside global, high-performance product engineering teams
• Work with the product teams to perform security design/code reviews and vulnerability assessment and management in an agile environment
• Perform application security tasks including threat modeling, developer code reviews, consulting, static code analysis, dynamic runtime fuzzing, building custom tools, and automation and exploit development
• Assist the Federal presales, support, and customer success teams responding to prospect, customer, and field questions related to product and industry security
• Engage with third-party security consultants for independent security assessments, bug bounties, and penetration testing of the product
Benefits
• Generous PTO & Holiday Schedule
• Progressive Healthcare Options
• Retirement Programs
• Opportunity for Education Reimbursement
• Commuter Offset (Specific locations)

Ping is the collective sum of all our individual experiences, backgrounds and influences and we pride ourselves in growing and learning together. We are committed to building an inclusive and diverse environment where everyone’s individuality is respected and everyone has an Identity. In recruiting for new colleagues, we welcome the unique contributions you can bring and encourage you to be your best self.