Senior Application Security Engineer

Your opportunity
New Relic is hiring a security engineer to join our Product Security Team! The Infrastructure Assurance team is responsible for safeguarding New Relic's global infrastructure (including servers, clusters, networks, workstations, and cloud). We focus on proactive security controls, performing pragmatic threat assessments, and working with teams to ensure they understand and prioritize security work appropriately.

We value character and practical experience over certifications, and believe that building relationships is far more effective at improving security than dictating what engineers can and cannot do. You do not need to have a deep history as a security engineer to qualify, but should be able to clearly demonstrate multi-cloud systems management, architectural design, automation skills, and show an interest in endorsing security as an integral component of the value that we provide to our customers.

What you'll do

• Working understanding of SOC 2, FedRAMP, CIS Critical 18, and PCI DSS frameworks.
• Address software security risks in novel ways by applying technology, automation, relationships, and culture. We work in a continuous deployment, cloud-based environment and adapt our security efforts to the processes and technologies New Relic uses to deliver innovative and best-in-class products.
• Collaborate with our architecture and standards teams to ensure that we are meeting the common needs of our engineering teams and that we are able to scale our support for them.
• Work with software engineers to identify and analyze security vulnerabilities and follow through with issues until resolution.
• Ability to explain and advise on security design and implementation of complex security problems, including the ability to dive into code reviews with developers
• Lead and execute strategies to expand and enhance the Bug Bounty Program. Investigate, reproduce, and respond to security vulnerabilities reported through the bug bounty program.
• Perform penetration testing of web applications/APIs/graphql and threat modeling for complex and high value applications and services, identifying and preventing security and privacy errors early in development.
• Perform threat modeling, design and security reviews for complex and high value applications and services, identifying and preventing security and privacy errors early in development.
  
  
  

This role requires

• Bachelor's degree in Computer Science or equivalent practical education and experience.
• 4+ years application security engineering experience.
• Programming and/or vulnerability research experience in one or more languages (such as: Ruby, Java, Go, Python)
• Basic understanding of risk management, network security controls, authentication, and common security protocols.
• Ability to work autonomously, navigate ambiguous situations, and identify innovative solutions.
• Ability to draft/maintain clear and concise documentation.
  
  
  

Bonus points if you have

• Web application pentesting certifications like OSWA, OSWE, OSCP or equivalent.
• Experience securing infrastructure and services built in Azure, or Google Cloud.
• Experience performing security reviews and risk assessments.
• Writing in and understanding an infrastructure orchestration solution, such as Terraform, Chef, or Ansible.
• Proficiency in at least one programming language, like Python, Ruby, and/or Go.
• Proven capability to improve various processes via automation.
  
  
  

Fostering a diverse, welcoming and inclusive environment is important to us. We work hard to make everyone feel comfortable bringing their best, most authentic selves to work every day. We celebrate our talented Relics’ different backgrounds and abilities, and recognize the different paths they took to reach us – including nontraditional ones. Their experiences and perspectives inspire us to make our products and company the best they can be. We’re looking for people who feel connected to our mission and values, not just candidates who check off all the boxes.

If you require a reasonable accommodation to complete any part of the application or recruiting process, please visit https://newrelic.avature.net/accommodations to submit your request.

Our hiring process

Please note that visa sponsorship is not available for this position.

In compliance with applicable law, all persons hired will be required to verify identity and eligibility to work and to complete employment eligibility verification. Note: Our stewardship of the data of thousands of customers’ means that a criminal background check is required to join New Relic.

Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. New Relic does not accept unsolicited headhunter and agency resumes, and will not pay fees to any third-party agency or company that does not have a signed agreement with New Relic.

New Relic is proud to be an equal opportunity employer. We foster a diverse, equitable, and inclusive environment, free from all types of discrimination, so our Relics can thrive. We hire people with different backgrounds, experiences, abilities and perspectives.

Candidates are evaluated based on qualifications, regardless of race, religion, ethnicity, national origin, sex, sexual orientation, gender expression or identity, age, disability, neurodiversity, veteran or marital status, political viewpoint, or other legally protected characteristics.

Review our Applicant Privacy Notice at https://newrelic.com/termsandconditions/applicant-privacy-policy.