Arctic Wolf, with its unicorn valuation, is the leader in security operations in an exciting and fast-growing industry—cybersecurity. We have won countless awards for our excellence in security operations and remain dedicated to providing an industry-leading customer and employee experience.
Our mission is simple: End Cyber Risk. We’re looking for a Lead Application Security Engineer to be a part of making this happen.
About the Role
The Lead Application Security Engineer role is responsible for implementing measures to ensure the security of Arctic Wolf software systems, applications, code, and related components. This role will work within our Information Security Engineering team to deploy and operationalize technical security capabilities with open collaboration with the Research and Development Team.
Responsibilities
Develop secure coding & secure design principles.
Train developers, architects, code reviewers, and others on secure coding practices.
Serve as the subject matter expert for Application Security, providing guidance to Engineering and Product teams.
Develop standards and training for security testing tools focused on the application layer (e.g., SAST, DAST, IAST, SCA), threat modeling, penetration testing, red team, bug bounty and vulnerability management.
Work with development teams throughout the entire SDLC to ensure code is secure by design, secure by default, secure in deployment and communication, and automated.
Help software development teams to understand and remediate security findings within prescribed timelines.
Research and review any reported or suspected application vulnerabilities from third party library and source code.
Implement, configure, and train/document off-the-shelf application security technologies in the Arctic Wolf internal environment.
Create technical approaches to implementing application security control technologies. Perform risk assessments of identified vulnerabilities and mitigations.
Contribute to a world-class security program that supports Arctic Wolf’s tremendous growth.
Mentor and coach team members to further develop competencies.
Assist in developing security related libraries and tools to facilitate operations within our environment.
Security metrics delivery and improvements.
The ability to effectively partner and communicate with Engineering and Product teams.
Who You Are
Able to write clearly and succinctly in a variety of communication settings and styles; can get messages across that have the desired effect.
Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; is excellent at honest analysis; looks beyond the obvious and doesn't stop at the first answers.
Comes up with a lot of new and unique ideas; easily makes connections among previously unrelated notions; tends to be seen as original and value-added in brainstorming settings.
Minimum Qualifications
A bachelor's degree in computer science, Information Systems, Engineering, cybersecurity or related technical field; or equivalent experience.
7+ years of experience in security or infrastructure engineering Including assessing and escalating to vendors for troubleshooting purposes.
Thorough understanding of modern software development practices.
Thorough understanding of OWASP Top 10 vulnerabilities and corresponding best practices for mitigation.
Experience in deploying application security technologies such as SAST, DAST, IAST, SCA, etc.
Preferred Qualifications
Familiarity with cloud infrastructures, with Amazon Web Services (AWS) and/or Azure considered a strong plus.
Familiarity with containerization technologies such as Docker and/or Kubernetes is a huge plus.
Analytical and quantitative skills with proven experience in developing strategic solutions.
Significant prior experience securing large-scale web applications, including performing security code reviews, vulnerability assessments, and manual testing for logic flaws.
Experience working in regulated environments (SOX, ISO 27001, etc).
One or more Industry Certifications – (CISSP, CCSP, CSLP, OSCP, OSWE, GPEN, GWAPT, CEH, etc).
About Arctic Wolf
At Arctic Wolf we’re cultivating a collaborative and productive work environment that welcomes a diversity of backgrounds, cultures, and ideas to make our teams even stronger as we grow globally. We’ve been named among the list of Top Workplaces in USA, Minnesota (2021-2024), and Texas (2023-2024), Best Places to Work San Antonio (2023, 2024) and Minneapolis/St. Paul (2022-2024), Great Place to Work - Canada (2021-2024), and on the list of Best Workplaces in Technology (2024) in Canada. As well as on Fortune’s Best Place to Work for Millennials (2023) and Top Technology Workplace (2023) lists.
Our Values
Arctic Wolf recognizes that success comes from delighting our customers, so we work together to ensure that happens every day. We believe in diversity and inclusion, and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate that—by protecting people’s and organizations’ sensitive data and seeking to end cyber risk— we get to work in an industry that is fundamental to the greater good.
We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity here.
We also believe and practice corporate responsibility, and have recently joined the Pledge 1% Movement, ensuring that we continue to give back to our community. We know that through our mission to End Cyber Risk we will continue to engage and give back to our communities.
All wolves receive compelling compensation and benefits packages, including:
Equity for all employees
Flexible time off, paid volunteer days, and paid parental leave
401k & RRSP matching program
Enhanced maternity leave and fertility support services
Robust Employee Assistance Program (EAP) for mental health services
Training and career development programs
Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, provincial, or local law. Arctic Wolf is committed to fostering a welcoming, accessible, respectful, and inclusive environment ensuring equal access and participation for people with disabilities. As such, we strive to make our entire employee experience as accessible as possible and provide accommodations as required for candidates and employees with disabilities and/or other specific needs where possible. Please let us know if you require any accommodations by emailing recruiting@arcticwolf.com.
Security Requirements
Conducts duties and responsibilities in accordance with AWN’s Information Security policies, standards, processes and controls to protect the confidentiality, integrity and availability of AWN business information (in accordance with our employee handbook and corporate policies).
Background checks are required for this position.
This position may require access to information protected under U.S. export control laws and regulations, including the Export Administration Regulations (“EAR”). Please note that, if applicable, an offer for employment will be conditioned on authorization to receive software or technology controlled under these U.S. export control laws and regulations.