United States onlyAppSec Engineer
Remote, USA OneStream Software LLC
Benefits Offered Vision, Medical, Life, Dental, 401K
Employment Type Full-Time
Compensation $105,000.00 - $140,000.00 (Range applies to US candidates only) + Benefits/Variable Comp./Equity - Range may vary based on experience.
ABOUT THE JOB
We are looking for an Application Security Engineer to join the Information Security team. Responsibilities for this position include developing and enforcing secure coding and development practices, performing security testing against the OneStream platform to identify risks and vulnerabilities before release and throughout the SDLC, and reviewing the output of application security tools to provide insight and guidance to the organization about remediation. In addition to these responsibilities, this position will play an integral role in leading the security of the OneStream platform by taking part in the planning and architecture of new features, as well as lead or aid in the development of custom tools to be used for performing security scans.
The ideal candidate for this position will be someone with a solid foundation of secure development and programming practices, a working knowledge of C# and .NET code, and a passion for securing our platform for our customers. This position will require the candidate to communicate with teams across all levels of the organization and be able to explain and discuss technical details with both technical and non-technical audiences. At times it may be necessary to create proof-of-concept exploits against a target to validate vulnerabilities and to determine the risk that certain vulnerabilities may truly pose to customers.
RESPONSIBILITIES
Primary Responsibilities:
- Perform manual and automated application security testing.
- Perform code analysis to ensure security of OneStream platform code.
- Review the SDLC to identify any areas where security of our supply chain could be improved.
- Collaborate with Development and Engineering teams to secure OneStream services.
- Work with other members of the Security team to identify attack patters and indicators of compromise.
- Develop and maintain custom security testing tools for internal testing.
- Create and enforce secure development policies and procedures.
- Provide guidance to junior members of the Security team to promote growth and learning.
- Document and report security concerns found during testing.
- Perform penetration testing against OneStream assets to validate infrastructure security.
QUALITIES OF A SUCCESSFUL CANDIDATE
Formal Education and Certification
- BSc/BA in Computer Science, Engineering, or relevant field, with 8+ years of experience in application security testing, penetration testing, or development.
- MSc/MA in Computer Science, Engineering, or relevant field, with 3+ years of experience in application security testing, penetration testing, or development.
- Assoc. in Computer Science, Engineering, or relevant field, with 12+ years of experience in application security testing, penetration testing, or development.
Knowledge and Experience
- Experience with writing C# & .NET code.
- Experience performing code reviews on C# & .NET code.
- Experience penetration testing web applications.
- Experience with decompiling and reverse engineering .NET libraries.
- Experience with IT Security & infrastructure, security risk management, SOC2, FedRAMP, security policies & procedures, security testing & auditing, internal audit.
- Any industry recognized certifications:
- Offensive Security Certified Professional (OSCP).
- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).
- GIAC Penetration Tester (GPEN).
- Other Offensive Security or Penetration Testing Certifications.
Personal Attributes
- Outstanding communication skills.
- Organized.
- Strong reasoning skills.
- Self-motivated, self-starter.
- Independent thinker, with good judgement.
- Ability to think fast and on their feet.
- Sound decision making skills.
- Ability to evaluate pros and cons.
- Ability to multitask and prioritize a variety of projects.
- Comfortable with communicating with all levels of management.
- Experience with OneStream Software not required, but experience with any financial consolidation package is a plus.
- Legally authorized to work for any company in the United States without sponsorship.
WHO WE ARE
OneStream® is an independent software company backed by private equity investors. OneStream provides an intelligent finance platform built to enable confident decision-making and maximize business impact.
OneStream unleashes organizational value by unifying data management, financial close and consolidation, planning, reporting, analytics, and machine learning. We empower Finance and Operations teams with AI-enabled insights to make faster and more intelligent decisions every single day. All in a single, modern CPM platform designed to continually evolve and scale with your organization. To learn more visit www.onestream.com.
WHY JOIN THE ONESTREAM TEAM
- Transparency around corporate structure, salary, and benefits
- Core value of customer success
- Variety of project work (not industry specific)
- Strong culture and camaraderie
- Multiple training opportunities
Benefits at OneStream SoftwareOneStream employees are passionate, hardworking individuals who go above and beyond to keep our customers happy and follow through on our mission statement. They consistently deliver the best and in turn, we make every effort to keep them cared for and happy. A sample of the benefits we provide are:
- Excellent Medical Plan
- Dental & Vision Insurance
- Life Insurance
- Short & Long Term Disability
- Vacation Time
- Paid Holidays
- Professional Development
- Retirement Plan
OneStream Software is an Equal Opportunity Employer.
CA and US only