The Principal Application Security Engineer at Barracuda Networks ensures the security of software and services through source code review, application security assessments, automated security solution integration, architecture review, and expert advice.  Responsibilities include maintaining awareness of security trends, managing bug bounty programs, collaborating with various teams on incident response, evaluating new security technologies, and ensuring secure software delivery.  The role requires deep understanding of software security best practices and vulnerabilities, particularly in web applications.

Barracuda Networks Inc

Channel Business Manager

Account Manager

Account Executive - XDR Specialist

Senior Technical Product Marketing Engineer

Principal Application Security Engineer

Account Executive (New York)

Account Executive (TN or MO)

Partner Development Manager

Associate Account Executive (Cyber Security, Sales, SMB)

XDR Specialist

<div class="jv-job-detail-description" ng-non-bindable="">
                        <p>
                </p><div><span style="color: black;font-family: sans-serif , arial , helvetica;">Job ID 25 -618</span></div><div><span style="font-family: sans-serif , arial , helvetica;">&nbsp;</span></div><div><span style="color: black;font-family: sans-serif , arial , helvetica;">Come join our passionate team! Barracuda is a leading cybersecurity company providing complete protection against complex threats. Our platform protects email, data, applications, and networks with innovative solutions, and a managed XDR service, to strengthen cyber resilience. Hundreds of thousands of IT professionals and managed service providers worldwide trust us to protect and support them with solutions that are easy to buy, deploy, and use.</span></div><div><span style="font-family: sans-serif , arial , helvetica;">&nbsp;</span></div><div><span style="color: black;font-family: sans-serif , arial , helvetica;">We know a diverse workforce adds to our collective value and strength as an organization. Barracuda Networks is proud to be an Equal Opportunity Employer, committed to equal employment opportunity and equitable compensation regardless of race, gender, religion, sex, sexual orientation, national origin, or disability.</span></div><div><span style="font-family: sans-serif , arial , helvetica;">&nbsp;</span></div><div><span style="font-family: sans-serif , arial , helvetica;"><b><span style="color: black;">Envision yourself at Barracuda</span></b><span style="color: black;">&nbsp;</span></span></div><div><span style="color: black;font-family: sans-serif , arial , helvetica;">The Principal Application Security Engineer assures the safety and security of Barracuda Networks software and services through source code review, manual application security assessment, operation and integration of automated security assessment solutions, architecture review, and expert advice regarding software security trends, threats, best practices and incidents. Through assuring the safety and security of Barracuda Networks software and services, the Application Security Engineer helps to keep our customers and their data safe and secure.&nbsp;</span></div><div><span style="font-family: sans-serif , arial , helvetica;">&nbsp;</span></div><div><span style="font-family: sans-serif , arial , helvetica;"><b><span style="color: black;">Tech Stack Exposure</span></b><span style="color: black;">&nbsp;</span></span></div><ul style="margin-top: 0.0in;"><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">A deep understanding of software security best practices and vulnerabilities, especially as they relate to web applications (e.g. OWASP Top 10)&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Experience identifying vulnerabilities in software and SaaS services&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Experience in source code review, preferably for Python, PHP and Go&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Experience in scoping and performing manual application penetration testing&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Experience in assessing the risk of identified vulnerabilities, and providing correct, robust and actionable recommendations to mitigate and/or resolve the vulnerabilities&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Experience in understanding software vulnerabilities, in finding other instances of the vulnerability across codebases, and in identifying collateral/related vulnerabilities.&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Experience in assessing the implemented resolution of a vulnerability for completeness and accuracy, and identifying bypasses for the implemented resolution&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Experience in working collaboratively with software development teams to identify vulnerabilities in all stages of software development&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Experience in communicating effectively with people of varying security proficiency and interest (fellow security professionals, engineering, and management)&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">The ability to coordinate and participate in wide-scale Software Incident Security Response exercises such as the log4j response, understanding and unpacking information as incidents unfold, and in working across the organization to deliver a comprehensive "Identify, Resolve, Validate" solution&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Basic programming experience in at least one language, preferably Python or Go, and experience in automating routine tasks such as searching source code and manipulating data.&nbsp;</span></li></ul><div><span style="font-family: sans-serif , arial , helvetica;"><b><span style="color: black;">What you’ll be working on</span></b><span style="color: black;">&nbsp;</span></span></div><ul style="margin-top: 0.0in;"><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Ensure the secure delivery of software from design through to implementation&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Maintain awareness of software security trends, incidents, and best practices, and provide expert advice and guidance to engineering teams regarding secure development and vulnerability remediation.&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Manage Barracuda’s bug bounty programs&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Work collaboratively with the organization, including with Security, Compliance and Engineering, to understand and remediate computer and software security incidents&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Evaluate new and emerging security technologies, features, and products.&nbsp;</span></li></ul><div><span style="font-family: sans-serif , arial , helvetica;"><b><span style="color: black;">What you bring to the role</span></b><span style="color: black;">&nbsp;</span></span></div><ul style="margin-top: 0.0in;"><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">7+ years of experience&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">The ability to perform source code review in new and unfamiliar languages using knowledge of security best practices and a willingness to read documentation&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Solutions architecture review experience, and the ability to identify opportunities and vulnerabilities early in the specification and development of software&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Threat modelling experience&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Fuzzing experience&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Experience using and integrating automated software security scanners such as SAST/DAST/SCA&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">An understanding of Infrastructure as Code and cloud platform security (preferably Azure and AWS)&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">An understanding of identity, authentication and authorization protocols including OAuth/OpenID Connect and SAML&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Published examples of work such as original research, vulnerability advisories, conference talks, bug bounty writeups or CTF writeups&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">The ability to identify opportunities for process improvement, including automation and the authorship of software (scanners, fuzzers, helper utilities etc.)&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Experience participating in and/or managing bug bounty programs&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Experience with and/or a willingness to collaborate with other security functions such as compliance and policy, network/corporate security, security monitoring and incident response&nbsp;</span></li></ul><div><span style="color: black;font-family: sans-serif , arial , helvetica;">&nbsp;</span></div><div><span style="font-family: sans-serif , arial , helvetica;"><b><span style="color: black;">What you’ll get from us&nbsp;</span></b><span style="color: black;">&nbsp;</span></span></div><div><span style="color: black;font-family: sans-serif , arial , helvetica;">&nbsp;</span></div><div><span style="color: black;font-family: sans-serif , arial , helvetica;">A team where you can voice your opinion, make an impact, and where you and your experience are valued. Internal mobility – there are opportunities for cross training and the ability to attain your next career step within Barracuda. &nbsp;</span></div><div><span style="color: black;font-family: sans-serif , arial , helvetica;">&nbsp;</span></div><ul style="margin-top: 0.0in;"><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Equity, in the form of non-qualifying options&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">High-quality health benefits&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Retirement Plan with employer match&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Career-growth opportunities&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Flexible Time Off and Paid Time Off benefits&nbsp;</span></li><li style="color: black;font-family: sans-serif , arial , helvetica;"><span style="font-family: sans-serif , arial , helvetica;">Volunteer opportunities&nbsp;</span></li></ul><div><span style="color: black;font-family: sans-serif , arial , helvetica;">At Barracuda, we believe in fair and equitable compensation practices that reflect both market realities and the unique circumstances of each geographical location. We recognize that cost-of-living disparities, market conditions, and other factors can significantly impact compensation expectations in different regions. The compensation range provided in this job description is for illustrative purposes only and may not reflect the actual compensation offers for the position in your location. Final compensation will be determined based on a variety of factors including the candidates’ qualifications and experience.&nbsp;</span></div><div><span style="font-family: sans-serif , arial , helvetica;">&nbsp;</span></div><div><span style="color: black;font-family: sans-serif , arial , helvetica;">California: $232,000 - $250,000<br>New York City: $193,000 - $218,000<br>Westchester County, NY: $193,000 - $218,000<br>Washington: $209,000 - $223,000<br>Colorado: $174,00 - $191,500&nbsp;</span></div><div><span style="font-family: sans-serif , arial , helvetica;">&nbsp;</span></div><div><span style="color: black;font-family: sans-serif , arial , helvetica;">#LI-remote</span></div>
            <p></p>
        </div>