Application Security Engineer FedRAMP

About the team:

The Information Security organization advances the overall state of security at Rubrik through critical initiatives and coordination of large security projects. Information Security builds technologies tools andprocesses to better enable teams at Rubrik to develop secure software and protect data and systems with appropriate security controls. Information Security also develops systems to monitor and respond toattacks against our assets provides awareness education to teams on security best practices for data protection and ensures data governance and data sharing relationships with third parties in order tosecurely protect Rubrik information.

About the role:

Rubrik is seeking an Application Security this role you will be responsible for ensuring that Rubriks products and services are designed and implemented to the highest possible security standards. You will partner with a variety of stakeholders across the business to achieve successful security outcomes in product and feature deliverables.

What youll do:

• Integrate security controls and practices into Rubriks secure SDLC and collaborate with Engineering to embed security into every phase of the development process.
• Perform security assessments of applications identifying vulnerabilities and weaknesses through both automated and manual testing techniques.
• Carry out detailed analysis of identified vulnerabilities to ensure high fidelity findings are provided to Engineering teams.
• Assist in identifying and implementing frictionless shift-left strategies to proactively prevent vulnerabilities earlier in the SDLC.
• Aid in the collection management and reporting of key Application Security metrics to track progress and identify trends.
• Analyze and harden existing applications automation and deployment processes
• Participate in security design reviews and threat modeling of proposed products and feature releases
• Work with development teams operations governance and other stakeholders to document security guidance processes and standards for Rubrik products and services
• Collaborate with compliance teams to ensure that Application Security strategies and services adhere to FedRAMP requirements.
• Participate in the annual audit process by providing documentation evidence and expertise related to Rubriks Application Security practices.

Experience youll need:

• Bachelors degree required; BS or MS in Computer Science Information Technology or a related field
• 3 years experience in Application Security with experience across SDLC activities such as threat modeling secure code review vulnerability management and penetration testing
• Knowledge of regulatory guidelines and standards such as FedRAMP SOC2 ISO 27001 etc.
• Broad knowledge of web application and cloud attack vectors and exploits
• Comprehension in multiple programming languages (Python Go Scala C/C Javascript/Typescript)
• Working experience with CI/CD pipeline containerization (Kubernetes Docker etc) and MicroServices
• Working knowledge of at least one major public cloud provider (AWS GCP Azure)
• Understanding of application security maturity model frameworks and how to apply them
• Foundational knowledge of deploying and securing SaaS applications and cloud environments
• Team player ability to establish priorities deal with conflicts work independently proceed with objectives and can-do attitude
• A self-starter with excellent critical thinking and problem solving skills
• Strong written and verbal communication skills

Security and Privacy Responsibilities:

This position carries special Security and Privacy Responsibilities for protecting the U.S. Federal Governments interests:

• Know acknowledge and follow system-specific security policies and procedures;
• Protect data and individual privacy per requirements and regulations;
• Perform ongoing activities in compliance with service and contractual obligations;
• Participate in role-based training completing assignments on a timely basis;
• Report security issues promptly and aid investigation when needed;
• Support controlled changes and vulnerability remediation activities; and
• Work collaboratively with Information Security in designing implementing assessing or enhancing system-specific security and privacy controls.

Position Risk Designation:

This position carries duties and responsibilities involving the U.S. Federal Governments interests. The selected incumbent may be subject to one or both of the additional background checks with periodic re-screening as noted below:

Position Risk Designation: Non-Sensitive Low Risk Tier 1

Incumbents without access to U.S. Government data may be required to complete Standard Form 85 and undergo a Tier 1 Investigation (T1) for non-sensitive positions of Low Risk. (Baseline screening; formerly National Agency Check and Inquiries (NACI)).

Position Risk Designation: Non-Sensitive Moderate Risk Tier 2 (Public Trust)

Incumbents with access to U.S. Government data may be required to complete Standard Form 85P and undergo Tier 2 (T2) Investigation for non-sensitive positions designated Moderate Risk.

Position Risk Designation:Moderate Risk Law Enforcement (CJIS)

When hired for a position where access to Moderate Risk criminal justice information is required the employee must complete a fingerprint-based national criminal history background check within 30 days after the employees start date.