**About the Role**
The Application Security Engineer role is pivotal to the NinjaOne team. It has company-wide visibility and includes deliverables stretching across individual developers to executive leadership. As part of our core information technology team, you will directly contribute to the user experience of our 10,000+ customers across the Managed-Service-Provider space and in enterprise/corporate IT shops.
English resumes required
**Location** - Ecuador, Colombia, Brazil and Mexico
**What **You'll be Doing**
- Anticipate possible security threats and identifying areas of weakness in Ninja's environments and software
- Partner with engineering in triaging the reported findings by SAST, DAST, SCA, SBOM and similar products to reduce the potential False-positive rates
- Perform security architecture design reviews of our products and infrastructure
- Identify and perform well-controlled security vulnerability hunting through source code reviews and penetration testing of Ninja's environments and software
- Provide remediation guidance and recommendations to developers and platform engineers
- Work with Engineering Managers team to help perform threat modeling of features and to prioritize and validate the urgency of identified vulnerabilities and security enhancement requests
- Identify knowledge gaps and define security best practices for development teams to understand, follow, and receive training for
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences (may be internal to Ninja, or external such as prospects/clients or media)
**About You**
- 5+ years of experience within cybersecurity related fields
- Solid understanding of security protocols, cryptography, authentication, authorization, and security
- Strong cloud experience (AWS, Azure, GCP) and how to securely architect cloud-native solutions
- Familiarity with common vulnerabilities and attack vectors along with their mitigations
- Good working knowledge of current cybersecurity risk frameworks (OWASP/NIST/BSIMM), threat modeling (STRIDE/DREDD), best practices for hardening systems (CIS/CSA) and familiarity with FedRAMP (FIPS 140-2)
- Expertise with modern software build systems: IaC, CI/CD, Containers
- Expertise with Linux, Windows, and MacOS operating systems: how they're architected in the enterprise and solutions for securing them
- Strong knowledge of TCP/IP UDP protocols and networking design/architecture
- Extensive experience in information security and/or IT risk management with a focus on security, performance, and reliability
- Proficiency with multiple software languages (Java, C++, Python, JavaScript, Kotlin, and Swift recommended)
- Strong critical thinking, analytical, and logical problem-solving skills
- Ability to interact with a broad cross-section of personnel to explain and enforce security measures
- A degree in Information Technology, Computer Science or related field is highly desirable
- OSCP, OFFSEC, GREM, GDAT, CISSP or equivalent certification
**About Us**
NinjaOne automates the hardest parts of IT, empowering more than 17,000 IT teams with visibility, security, and control over all endpoints. The NinjaOne platform is proven to increase productivity, while reducing risk and IT costs. NinjaOne is consistently ranked #1 for its world-class support and is the top-rated software on G2 in seven categories including endpoint management, remote monitoring and management, and patch management.
**What You'll Love**
We are a collaborative, kind, and curious community.
We honor your flexibility needs with full-time work that is remote.
We prioritize your work-life balance with our unlimited PTO.
We reward your work with opportunity for growth and advancement.
LI-SP1
BI-REMOTE