Application Security Engineer (Remote - US)

PDQ, founded in Salt Lake City, UT, makes device management simple, secure, and Pretty Damn Quick. IT teams use our products to reduce complexity, improve efficiency, and enhance control in their unique environments. We are backed by TA Associates and Berkshire Partners, top-tier global PE companies. SimpleMDM and SmartDeploy are powered by PDQ. 

PDQ's Mission: We make device management simple, secure and pretty damn quick.

PDQ's Core Values: Honesty, Ownership, Collaboration and Improvement

As an Application Security Engineer at PDQ, you will play a crucial role in applying security best practices throughout the software development lifecycle and testing our applications against security risks before release. Your experience and skills will provide guidance to our development teams on secure coding practices and contribute to the design and implementation of secure architecture. Your efforts will help foster a culture of security considered at every level of the organization.

In this role, you'll collaborate with PDQ's Operational Security team to:

- Ensure proper implementation of security practices, such as vulnerability scanning and penetration testing 

- Perform regularly scheduled and ad hoc security audits 

- Support achievement of meaningful industry certifications (e.g. ISO, SOC) 

- Manage prioritization of all security related activities 

- Monitor threat landscape (e.g. CISA feeds, industry publications, news, etc.) and engage with Product Leadership Team to ensure adequate controls are in place 

- Collaborate with DevOps to ensure security measures are implemented in production environments 

- Automate security checks and scans in DevOps environments 

- Assist with response and recovery related to security incidents or breaches -

What you'll be doing:

• Perform regular secure coding training with engineering teams and refine secure coding practices and standards 
• Ensure deliverables and gates for security are integrated at all stages of the SDLC 
• Develop and maintain documentation of application security controls 
• Collaborate with engineering teams to ensure standard security requirements are defined and included in every product release 
• Improve and implement processes for secure code reviews 
• Schedule and take part in application security testing and threat modeling exercises 
• Recommend implementation of advanced security features 
• Monitor process of resolution of critical and high findings from vulnerability, SAST, DAST, and SCA scans relative to agree upon SLAs and elevate any discrepancies for remediation 
• Assist engineers in assessing and remediating vulnerabilities
• Build and maintain a multi-year Product Security roadmap and align priorities for roadmap and resourcing with Product Leadership Team. 

We're looking for people who have:

• Bachelor’s Degree in Computer Science or related fields, or equivalent experience 
• Solid understanding of web and mobile application security across the SDLC 
• Strong experience with secure cloud architecture and design 
• Knowledge of a variety of languages across PDQ’s technical stack 
• Experience with a variety of security testing tools and best practices 
• Strong experience with threat modeling and analysis 
• Experience implementing and securing cloudstorage and cloud infrastructure 
• Understanding of common threats and attacks, as well as security protocols and standards 
• Ethical hacking knowledge a plus 

We need someone who can:

• Work collaboratively across multiple departments 
• Handle sensitive and confidential information 
• Apply strong analytical and problem-solving skills 
• Exercise curiosity and seek opportunities for continued learning
• Think creatively and outside the box – think like a hacker!
• Stay up to date on latest security trends and technologies
• Communicate concepts to technical and non-technical audiences alike

Tools we use:

• Applications written in Elixir, C#, Ruby, JavaScript, Python 
• Infrastructure implemented in GCP/Kubernetes 

Do you think you have what it takes but don’t necessarily meet all the requirements? Apply anyway – you could be exactly who we are looking for! 

PDQ offers all of the great perks and benefits you'd expect from working at a very cool tech company, and even some you might not expect, including:

4-Day Work Week

Managers who champion professional development and are technically experienced (the best kind of experience)

100% Premium Coverage for medical, dental and vision for you and your dependents

100% Premium Coverage for Short Term Disability, Long Term Disability, Life, and AD&D Insurance

Company Match of the first 6% of your employee deferrals after you’ve been employed with us for 90 days

Flexible Paid Time Off Policy that treats you like the adult that you are

Health Savings Account (HSA) and wellness incentives

Quarterly Company Values Award (team member nominated)

PDQ is proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, pregnancy, sexual orientation, gender identity or expression, religion, national origin, ancestry, citizenship, marital status, military or veteran status, genetic information, disability status, or any other characteristic protected by federal, provincial, state, or local law. If you would like to request reasonable accommodation for a medical condition or disability during any part of the application process, please contact [email protected].

The majority of PDQ's full-time roles do not qualify for sponsorship of employment visas such as the H-1B visa. This applies to scenarios where a candidate might possess temporary work authorization during their schooling or after graduation (e.g., CPT, OPT), but would require H-1B visa sponsorship within a few years of employment to retain eligibility for employment. 

*Currently, candidates who are eligible for fully remote positions can live in any of the following US states: AR, AZ, CO, CT, FL, GA, ID, IL, IN, KY, MD, MI, MN, MO, NC, NH, OK, OR, TN, TX, UT, VA, WA, WI.