What are the responsibilities and job description for the Senior Product Security Engineer | Application Security position at ExtraHop?
At ExtraHop, we're on a mission to help organizations achieve complete visibility, real-time threat detection, and proactive security through cutting-edge network detection and response (NDR) technology. Our NDR product is a market leader, providing our customers with the ability to detect, investigate, and respond to threats faster than ever before.
We’re proud of the work we do and the recognition we’ve received, including our recent Gartner Peer Insights award, which reflects the trust and satisfaction our customers have in our solutions.
If you're passionate about innovation, dedicated to protecting digital infrastructures, and ready to make a real impact, we invite you to join our team and help us shape the future of cybersecurity.
Position Summary
Do you enjoy the challenge of securing complex systems? Want to be a part of a collaborative team that builds solutions that protect some of the biggest networks in the world? ExtraHop is seeking a Senior Product Security Engineer experienced with modern software development practices to build and operate product security program capabilities, tools, and processes that allow us to keep pace with a rapidly changing security landscape, reduce security risk, and enable organizational success.
We're looking for candidates with a mix of software development and application security experience, who enjoy working in a collaborative environment and taking direct action to identify, remediate and prevent vulnerabilities and security issues.
You must have experience with securing web applications, APIs and software systems, working with public cloud infrastructure, and be familiar with container technologies.
Key Responsibilities
- Define standards for secure development and configuration of application and infrastructure components, and coordinate with other teams to ensure compliance with those standards
- Perform threat modeling, security design reviews, code reviews, and security consultations with software and systems engineers
- Implement, manage and improve vulnerability scanning tools (including SAST, DAST, SCA, and application fuzzing), configuration auditing and other security assessment tools
- Build and improve vulnerability management processes and tooling to support system owners to successfully
- Conduct manual pen testing of new features and existing systems; lead red team exercises
- Coordinate third party pentesting and bug bounty programs
- Triage vulnerability findings, evaluate risk, recommend effective remediation actions
- Develop and deliver training on secure development standards and process
- Contribute to disaster recovery and contingency planning
- Perform and/or lead security incident response activities
- Participate in an on-call rotation with occasional after-hours paging to review carefully prioritized security detections
- Support security compliance & certifications programs (e.g., FedRAMP, NIST SP-53, NIST CSF, SOC 2, ISO, FIPS -2, etc.) by becoming familiar with control requirements, owning/operating specific controls, and helping other teams meet requirements
- Other duties as assigned
Required Qualifications
Preferred Qualifications
The base salary for this position ranges from , - , plus bonus benefits
Note: employees, including fully remote staff, are expected to attend two in-person events every year. These events are typically held in our offices in downtown Seattle and run 4-5 days each.