Application Security Engineer - Threat Modeling - Nearshore

NinjaOne, LLC

  • Bogotá DC
  • Self-employed
  • Full-time
  • 18 days ago

About the Role

The Application Security Engineer role is pivotal to the NinjaOne team. It has company-wide visibility and includes deliverables stretching across individual developers to executive leadership. As part of our core information technology team, you will directly contribute to the user experience of our 10,000+ customers across the Managed-Service-Provider space and in enterprise/corporate IT shops.

Working directly with development, platform, and product teams, you will integrate security into the product lifecycle from design through development. The ideal candidate is a subject matter expert in defining security requirements, performing application security assessments, and providing developers with remediation guidance and advice. On any given day you may be pulled in to evaluate a new system, review a proposed change, or provide guidance on security/coding best practices. You will also serve as a leader and mentor, as there are other team members who are junior in these areas of expertise—as well as in their careers.

English resumes required

Location – Ecuador, Colombia, Brazil and Mexico

What You’ll be Doing

  • Anticipate possible security threats and identify areas of weakness in Ninja’s environments and software
  • Partner with Ninja Engineering to perform code analysis of large applications manually and with the assistance of SAST and DAST tools
  • Partner with engineering in triaging the findings reported by SAST, DAST, SCA, SBOM and similar products to reduce the potential false-positive rates
  • Perform security architecture design reviews of our products and infrastructure
  • Identify and perform well-controlled security vulnerability hunting through source code reviews and penetration testing of Ninja’s environments and software
  • Provide remediation guidance and recommendations to developers and platform engineers
  • Work with the Engineering Managers team to help perform threat modeling of features and to prioritize and validate the urgency of identified vulnerabilities and security enhancement requests
  • Identify knowledge gaps and define security best practices for development teams to understand, follow, and receive training for
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences (may be internal to Ninja, or external such as prospects/clients or media)

About You

  • 3+ years of hands-on experience as an application security engineer, architect, or developer
  • 5+ years of experience within cybersecurity related fields
  • Solid understanding of security protocols, cryptography, authentication, authorization, and security
  • Experience breaking down complex systems and applications to find security and logic flaws
  • Strong cloud experience (AWS, Azure, GCP) and how to securely architect cloud-native solutions
  • Familiarity with common vulnerabilities and attack vectors along with their mitigations
  • Good working knowledge of current cybersecurity risk frameworks (OWASP/NIST/BSIMM), threat modeling (STRIDE/DREAD), best practices for hardening systems (CIS/CSA) and familiarity with FedRAMP (FIPS 140-2)
  • Expertise with modern software build systems: IaC, CI/CD, Containers
  • Expertise with Linux, Windows, and macOS operating systems: how they’re architected in the enterprise and solutions for securing them
  • Strong knowledge of TCP/IP & UDP protocols and networking design/architecture
  • Extensive experience in information security and/or IT risk management with a focus on security, performance, and reliability
  • Proficiency with multiple software languages (Java, C++, Python, JavaScript, Kotlin, and Swift recommended)
  • Strong critical thinking, analytical, and logical problem-solving skills
  • Ability to interact with a broad cross-section of personnel to explain and enforce security measures
  • A degree in Information Technology, Computer Science or related field is highly desirable
  • OSCP, OFFSEC, GREM, GDAT, CISSP or equivalent certification

About Us

NinjaOne automates the hardest parts of IT, empowering more than 17,000 IT teams with visibility, security, and control over all endpoints. The NinjaOne platform is proven to increase productivity, while reducing risk and IT costs. NinjaOne is consistently ranked #1 for its world-class support and is the top-rated software on G2 in seven categories including endpoint management, remote monitoring and management, and patch management.

What You’ll Love

  • We are a collaborative, kind, and curious community.
  • We honor your flexibility needs with full-time work that is remote.
  • We prioritize your work-life balance with our unlimited PTO.
  • We reward your work with opportunity for growth and advancement.
