Security Engineer

Tulip, the leader in frontline operations, is helping companies around the world equip their workforce with connected apps, leading to higher quality work, improved efficiency, and end-to-end traceability across operations. Companies of all sizes and across industries have implemented composable solutions with Tulip’s cloud-native, no-code platform to solve some of the most pressing challenges in operations: error-proofing processes and boosting productivity, capturing and analyzing real-time data, and continuous improvement.

A spinoff out of MIT, Tulip is headquartered in Somerville, MA, with offices in Germany and Hungary. Focused on composable, human-centric solutions for industrial environments, Tulip is disrupting the MES category and has been recognized as a World Economic Forum Global Innovator. Tulip has also been named one of Energage’s Top Workplaces USA and one of Built In Boston’s “Best Places to Work” and “Best Midsize Places to Work” for 2023. 

About You:

• You have a passion for security
• You are a team player, and enjoy collaborating with cross-functional teams
• You are a great communicator
• You employ a flexible and constructive approach when solving problems
• You share our values, and work in accordance with those values
• You are positive and solution oriented

What skills do I need? 

• Familiar with common security libraries, security controls, and common security flaws
• Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
• Knowledge of common authentication technologies including OAuth, OpenID Connect, SAML, X.509 certificate authentication, OTP/TOTP.
• Knowledge of browser-based security controls such as CSP, HSTS, CORS.
• Experience with standard web application security tools such as Metasploit, OWASP ZAP, nmap and Kali Linux.
• Integrate security testing (OWASP top 10, etc) with Tulip’s  CI/CD framework - security testing as part of our SDLC.
• Evaluate security vulnerabilities submitted by third parties.
• Educate other developers on secure coding best practices---creating security-focused materials and leading engineer/employee training sessions.

Key Responsibilities:

• Risk Management
• Perform vulnerability management and be a subject matter expert (SME) for mitigation approaches.
• Tulip product development
• Make decisions related to architecture, authentication and system security with a focus on continuously improving product security
• Consult with other Developers and Product Managers to analyze and propose application security standards, methods, and architectures.
• Develop automated security testing to validate that secure coding best practices are being used.
• Code quality
• Proactively identify and reduce security risks.
• Find and remove outdated and vulnerable code and code libraries.
• Conduct risk evaluation of Tulip product features.
• Conduct application security reviews, including code review and dynamic testing.
• Evaluate and help remediate issues found by source code and container image scans.
• Performance & Scalability: Write code that is not only secure but scales to a large number of users and systems
• Develop security training and socialize the material with internal development teams.

Key Collaborators:

Engineering, DevOps

Working At Tulip

We know even great candidates experience imposter syndrome. Even if you don’t match every requirement, applying gives you the opportunity to be considered. 

We’re building a strong, diverse team that values hard work, families, and personal well-being. Benefits of working with us include:

• Direct impact on product and culture
• Company equity
• Competitive benefits package including Health, Dental, Vision, Short-term Disability, Long-term Disability, Life Insurance, AD&D Insurance, Flexible Spending Account (FSA), Commuter Benefits, Parental Leave, and 401(K)
• Flexible work schedule and unlimited vacation policy
• Virtual company events and happy hours
• Fitness subsidies

We are an equal opportunity employer. At Tulip, we celebrate all. Qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Help us build an inclusive community that will transform frontline operations.