NinjaOne

About the Role 

The Application Security Engineer role is pivotal to the NinjaOne team. It has company-wide visibility and includes deliverables stretching across individual developers to executive leadership. As part of our core information technology team, you will directly contribute to the user experience of our 10,000+ customers across the Managed-Service-Provider space and in enterprise/corporate IT shops.  

Working directly with development, platform, and product teams you will integrate security into the product lifecycle from design through development. The ideal candidate is a subject matter expert in defining security requirements, performing application security assessments, and providing developers with remediation guidance and advice. On any given day you may be pulled in to evaluate a new system, review a proposed change, or provide guidance on security/coding best practices. You will also serve as a leader and mentor, as there are other team members who are junior in these areas of expertise—as well as in their careers. 

Location – we are flexible on remote working, if you are in the USA and in one of the following states: TX, FL, NC, GA, ME, CT, KS, VA, NJ, and CA. NinjaOne has physical offices in Austin, TX and Tampa, FL. 

What You’ll be Doing 

• Anticipate possible security threats and identifying areas of weakness in Ninja’s environments and software 
• Partner with Ninja Engineering to perform code analysis of large applications manually and with the assistance of SAST and DAST tools 
• Partner with engineering in triaging the reported findings by SAST, DAST, SCA, SBOM and similar products to reduce the potential False-positive rates 
• Perform security architecture design reviews of our products and infrastructure 
• Identify and perform well-controlled security vulnerability hunting through source code reviews and penetration testing of Ninja’s environments and software 
• Provide remediation guidance and recommendations to developers and platform engineers 
• Work with Engineering Managers team to help perform threat modeling of features and to prioritize and validate the urgency of identified vulnerabilities and security enhancement requests 
• Identify knowledge gaps and define security best practices for development teams to understand, follow, and receive training for 
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences (may be internal to Ninja, or external such as prospects/clients or media) 

About You 

• 3+ years of hands-on experience as an application security engineer, architect, or developer 
• 5+ years of experience within cybersecurity related fields 
• Solid understanding of security protocols, cryptography, authentication, authorization, and security 
• Experience breaking down complex systems and applications to find security and logic flaws 
• Strong cloud experience (AWS, Azure, GCP) and how to securely architect cloud-native solutions 
• Familiarity with common vulnerabilities and attack vectors along with their mitigations 
• Good working knowledge of current cybersecurity risk frameworks (OWASP/NIST/BSIMM), threat modeling (STRIDE/DREDD), best practices for hardening systems (CIS/CSA) and familiarity with FedRAMP (FIPS 140-2) 
• Expertise with modern software build systems: IaC, CI/CD, Containers 
• Expertise with Linux, Windows, and MacOS operating systems: how they’re architected in the enterprise and solutions for securing them 
• Strong knowledge of TCP/IP & UDP protocols and networking design/architecture 
• Extensive experience in information security and/or IT risk management with a focus on security, performance, and reliability 
• Proficiency with multiple software languages (Java, C++, Python, JavaScript, Kotlin, and Swift recommended) 
• Strong critical thinking, analytical, and logical problem-solving skills 
• Ability to interact with a broad cross-section of personnel to explain and enforce security measures 
• A degree in Information Technology, Computer Science or related field is highly desirable 
• OSCP, OFFSEC, GREM, GDAT, CISSP or equivalent certification 

About Us 

NinjaOne automates the hardest parts of IT, empowering more than 17,000 IT teams with visibility, security, and control over all endpoints. The NinjaOne platform is proven to increase productivity, while reducing risk and IT costs. NinjaOne is consistently ranked #1 for its world-class support and is the top-rated software on G2 in seven categories including endpoint management, remote monitoring and management, and patch management.

What You’ll Love 

We are a collaborative, kind, and curious community. 

We honor your flexibility needs with full-time work that is remote.

We have you covered with our comprehensive benefits package, which includes medical, dental, and vision insurance.

We help you prepare for your financial future with our 401(k) plan.

We prioritize your work-life balance with our unlimited PTO.

We reward your work with opportunity for growth and advancement.

Additional Information

Starting pay for the successful applicant depends on a variety of job-related factors, including but not limited to location, market demands, experience, job-related knowledge, and skills. The benefits available for this position include medical, dental, vision, 401(k) plan, life insurance coverage and PTO.

#LI-SP1

#BI-REMOTE

#BI-HYBRID