Software Security Engineer - remote

Yubico
Posted 3 years ago  • Remote (US)

Yubico’s mission is to create a safer internet for everyone. Our core invention, the YubiKey, a hardware-based token, revolutionized secure logins for top Internet brands, including Google and Facebook, and for millions of users in 160 countries. We are seeking an experienced Software Security Engineer to join our Product Security team.

The Role

Reporting directly into our CISO, our Product Security team is responsible for ensuring Yubico develops and maintains secure products and services. As a Software Security Engineer, it is important that you bring not only strong technical expertise in product security, but also the ability to successfully collaborate with a diverse set of engineering teams.

As a company, Yubico has grown from 50 to almost 300 employees over the past four years, and the security team is growing and maturing along with it. Our small but impactful team of four find their day to day responsibilities at Yubico are fluid and varied, spanning a wide variety of technologies and unique challenges. The diverse opportunities that come their way provide a variety of exciting growth opportunities.

Our ideal candidate will have the opportunity to shape the future of Yubico’s products, services, and the operations of an industry leading security company. If you are looking for a fun challenge, are passionate about security, and would like to join a team where being a security person isn’t such a bad thing (it’s really good, actually), we welcome you to apply.

Responsibilities

  • Define and evangelise requirements and guidance for secure by design and secure by default principles
  • Implement automation to prevent and detect security flaws in all phases of development
  • Conduct design reviews and manual security assessments of our software
  • Lead training and awareness sessions
  • Define and implement metrics to provide visibility into the impact of your work
  • Define, lead, and influence processes to secure products and services
  • Identify and advocate for new and novel uses of Yubico’s technology

Required Skills &Experience

  • 3+ years in a product security role
  • 5+ years of software development
  • Proficiency in threat modeling
  • Proficiency in Go, C#, Python or Java
  • Knowledge of common vulnerability classes

Optional Skills and Experience

  • Bachelor’s or Master's degree in Computer Science or similar fields
  • Knowledge of WebAuthn, OATH HOTP, OATH TOTP, U2F, PIV, or OpenPGP
  • Experience developing solutions on Google Cloud, Azure, or AWS
  • Proficiency in C/C++, Rust, or Javascript
  • Formal experience training on secure development concepts and practices

Job Details

  • All security team members must be able to travel to Yubico’s other offices in Stockholm, Sweden, Palo Alto, CA, and Bellevue, WA at least two times per year. Travel is subject to COVID-19 restrictions and precautions.
  • Start date: immediately
  • Hours: full time
  • Competitive salary + Bonus + Benefits + Stock options

We are an equal opportunity employer, we value diversity and uphold an inclusive environment where all people feel that they are equally respected and valued. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, gender expression, age, marital status, religion, national origin, veteran or disability status. We'd love to learn about what you can add to our diverse team.