Principal Application Security Engineer

2 Months ago • 7 Years + • Cyber Security • $174,000 PA - $250,000 PA

Job Summary

Job Description

The Principal Application Security Engineer at Barracuda Networks is responsible for ensuring the security of Barracuda's software and services. This involves source code review, application security assessments, integrating automated security solutions, architecture review, and advising on security best practices. The role requires collaboration with development teams throughout the software development lifecycle, managing bug bounty programs, responding to security incidents, and evaluating new security technologies. Experience with various security tools and methodologies (SAST/DAST/SCA, fuzzing, threat modeling) is essential. The engineer will also communicate effectively with various teams and stakeholders, and contribute to the overall security posture of the organization.
Must have:
  • 7+ years experience
  • Source code review (Python, PHP, Go)
  • Manual application penetration testing
  • Vulnerability risk assessment & remediation
  • Collaboration with development teams
  • SAST/DAST/SCA experience
Good to have:
  • Solutions architecture review
  • Threat modeling
  • Fuzzing
  • Bug bounty program management
  • Infrastructure as Code & cloud security (Azure, AWS)
  • OAuth/OpenID Connect and SAML understanding
Perks:
  • Equity (non-qualifying options)
  • High-quality health benefits
  • Retirement plan with employer match
  • Career-growth opportunities
  • Flexible Time Off
  • Volunteer opportunities

Job Details

Job ID 25-439

 

Come Join Our Passionate Team!  At Barracuda, we make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level.

We know a diverse workforce adds to our collective value and strength as an organization.  Barracuda Networks is proud to be an Equal Opportunity Employer, committed to equal employment opportunity and equitable compensation regardless of race, gender, religion, sex, sexual orientation, national origin, or disability. 

Envision yourself at Barracuda

The Principal Application Security Engineer assures the safety and security of Barracuda Networks software and services through source code review, manual application security assessment, operation and integration of automated security assessment solutions, architecture review, and expert advice regarding software security trends, threats, best practices and incidents. Through assuring the safety and security of Barracuda Networks software and services, the Application Security Engineer helps to keep our customers and their data safe and secure. 

Tech Stack Exposure

  • A deep understanding of software security best practices and vulnerabilities, especially as they relate to web applications (e.g. OWASP Top 10) 
  • Experience identifying vulnerabilities in software and SaaS services 
  • Experience in source code review, preferably for Python, PHP and Go 
  • Experience in scoping and performing manual application penetration testing 
  • Experience in assessing the risk of identified vulnerabilities, and providing correct, robust and actionable recommendations to mitigate and/or resolve the vulnerabilities 
  • Experience in understanding software vulnerabilities, in finding other instances of the vulnerability across codebases, and in identifying collateral/related vulnerabilities. 
  • Experience in assessing the implemented resolution of a vulnerability for completeness and accuracy, and identifying bypasses for the implemented resolution 
  • Experience in working collaboratively with software development teams to identify vulnerabilities in all stages of software development 
  • Experience in communicating effectively with people of varying security proficiency and interest (fellow security professionals, engineering, and management) 
  • The ability to coordinate and participate in wide-scale Software Incident Security Response exercises such as the log4j response, understanding and unpacking information as incidents unfold, and in working across the organization to deliver a comprehensive "Identify, Resolve, Validate" solution 
  • Basic programming experience in at least one language, preferably Python or Go, and experience in automating routine tasks such as searching source code and manipulating data. 

What you’ll be working on

  • Ensure the secure delivery of software from design through to implementation 
  • Maintain awareness of software security trends, incidents, and best practices, and provide expert advice and guidance to engineering teams regarding secure development and vulnerability remediation. 
  • Manage Barracuda’s bug bounty programs 
  • Work collaboratively with the organization, including with Security, Compliance and Engineering, to understand and remediate computer and software security incidents 
  • Evaluate new and emerging security technologies, features, and products. 

What you bring to the role

  • 7+ years of experience 
  • The ability to perform source code review in new and unfamiliar languages using knowledge of security best practices and a willingness to read documentation 
  • Solutions architecture review experience, and the ability to identify opportunities and vulnerabilities early in the specification and development of software 
  • Threat modelling experience 
  • Fuzzing experience 
  • Experience using and integrating automated software security scanners such as SAST/DAST/SCA 
  • An understanding of Infrastructure as Code and cloud platform security (preferably Azure and AWS) 
  • An understanding of identity, authentication and authorization protocols including OAuth/OpenID Connect and SAML 
  • Published examples of work such as original research, vulnerability advisories, conference talks, bug bounty writeups or CTF writeups 
  • The ability to identify opportunities for process improvement, including automation and the authorship of software (scanners, fuzzers, helper utilities etc.) 
  • Experience participating in and/or managing bug bounty programs 
  • Experience with and/or a willingness to collaborate with other security functions such as compliance and policy, network/corporate security, security monitoring and incident response 
 
What you’ll get from us 
 
A team where you can voice your opinion, make an impact, and where you and your experience are valued. Internal mobility – there are opportunities for cross training and the ability to attain your next career step within Barracuda.  
 
  • Equity, in the form of non-qualifying options 
  • High-quality health benefits 
  • Retirement Plan with employer match 
  • Career-growth opportunities 
  • Flexible Time Off and Paid Time Off benefits 
  • Volunteer opportunities 

At Barracuda, we believe in fair and equitable compensation practices that reflect both market realities and the unique circumstances of each geographical location. We recognize that cost-of-living disparities, market conditions, and other factors can significantly impact compensation expectations in different regions. The compensation range provided in this job description is for illustrative purposes only and may not reflect the actual compensation offers for the position in your location. Final compensation will be determined based on a variety of factors including the candidate's qualifications and experience.

California: $232,000 - $250,000
New York City: $193,000 - $218,000
Westchester County, NY: $193,000 - $218,000
Washington: $209,000 - $223,000
Colorado: $174,000 - $191,500

 
