Senior Security Engineer at bitwarden

Job Description

This is an all-remote team and we need someone who can have some overlap with the US Eastern time zone. We do not offer visa sponsorship at this time.

RESPONSIBILITIES

Research emerging threats across the surface web, dark web, and deep web.
Build threat models, conduct threat hunts, and plan and execute purple team engagements.
Coordinate internal red team testing operations that emulate a threat actor.
Collaborate with application development teams, platform engineers, and Security Operations Center (SOC) engineers to improve our offensive and defensive security controls.
Contribute to vulnerability testing and analysis, incident response and analysis, alert response and analysis activities
Include testing for web, mobile, CLI, and desktop application security issues across our multi-product portfolio, including Bitwarden Password Manager, Secrets Manager, and Passwordless.dev, our APIs, serverless functions, and database.
Participate in code reviews, learning and spreading technical knowledge
Independently plan, estimate and deliver new feature work and bug fixes
Contribute bug fixes for security related issues.
Coordinate technical validation and leadership review of purple team reports detailing testing results and potential areas of improvement.
Conduct internal penetration tests on systems and networks to determine realistic threat vectors.
Effectively communicate findings, attack paths, and recommendations to stakeholders.
Train others on the adversary simulation tactics and procedures used
Stay informed on current security trends, publications, and advisories
Assist to provide guidance and subject matter expertise as it pertains to all areas of security and technical operations, including analysis of our cloud environments, security testing and documentation, as well as investigations, software research, new technology, services and tools research, and vendor security analysis.
WHAT YOU BRING TO BITWARDEN

Experience with Penetration Testing Tools, such as Burp Suite, NMAP, Nessus, Metasploit, Kali Linux, SQLMap, Owasp ZAP, and manual testing tools
In depth knowledge of leading vulnerability management tools and strategies.
In depth understanding and usage of application security testing technologies is a plus.
Understanding of authentication concepts, including OpenIDConnect, SAML, OAuth, and SSO flows
Strong working knowledge of vulnerability management tools, data and network security technologies.
Collaborative and adaptable mindset
Openness and authenticity combined with excellent communication skills
Excitement and enthusiasm for open source and for better internet security
Excellent problem-solving skills – you might not know all the answers, but you know how to find and communicate the solution
Ability to maintain discretion, handle sensitive information and maintain security best-practices
Security purple team technocrat at heart, staying current with trends and new technologies
NICE-TO-HAVES

User of Bitwarden
Expertise in developing and maintaining .NET Core services and libraries in C#
Experience with maintaining, modifying, and optimizing SQL databases for enterprise-level solutions
Experience in the SecOps world and ability to apply security best practices across the organization
Experience with various MDM solutions
Azure/AWS management experience
WHAT TO EXPECT IN THE INTERVIEW PROCESS

Selected candidates will be invited to schedule an introduction call and potentially progress through the following stages:

Interview with hiring manager
Interview with team members
Interview with Head of Security
Interview with VP of Engineering
Reference calls
A FEW REASONS TO WORK WITH US

Our user community loves us and we love them. Come to work each day with a sense of purpose as we bring a more secure internet experience to everyone––from our friends and family to the world’s largest organizations.
Become an expert in a growing market. You’ll get immersed in the prominent technology markets of security and open source software.
Learn and grow professionally. Embrace the opportunity to build up your demand generation and product-led growth expertise in a fast-growing startup.
We are dedicated to building a diverse and talented team. Work remotely with motivated and supportive team members across the world and take part in productive and fun meetups.
We recognize and understand that people come with a wealth of experience and talent beyond just the technical requirements of a job. If you don’t meet 100% of the qualifications for the position, you should still consider applying. Diversity of experience and skills combined with passion is a key to innovation and excellence; therefore, we encourage people from all backgrounds to apply. Please let us know if you require accommodations during the interview process.