Senior Application Security Engineer
At Ouster, we build sensors and tools for engineers, roboticists, and researchers, so they can make the world safer and more efficient. We've transformed LIDAR from an analog device with thousands of components to an elegant digital device powered by one chip-scale laser array and one CMOS sensor. The result is a full range of high-resolution LIDAR sensors that deliver superior imaging at a dramatically lower price. Our advanced sensor hardware and vision algorithms are used in autonomous cars, drones and many other applications. If you’re motivated by solving big problems, we’re hiring key roles across the company and need your help!
As a Senior Application Security Engineer, you will play a critical role in safeguarding Ouster’s digital assets. You will be responsible for identifying, assessing, and mitigating security vulnerabilities within our applications and cloud infrastructures. Our applications focus on computer vision and machine learning, and are based on microservices. Your expertise will be instrumental in ensuring the confidentiality, integrity, and availability of our systems.
Responsibilities:
- Security Assessment/Testing: Conduct thorough security assessments, penetration tests, and vulnerability scans of web applications, APIs, microservices, computer vision systems, and machine learning models using industry-standard tools and techniques.
- Vulnerability Management: Identify, prioritize, and manage/track remediation of security vulnerabilities in collaboration with DevOps and dev teams.
- CI/CD pipeline: Develop, update and maintain security assessment tools within CI/CD pipelines.
- Threat Modeling: Perform threat modeling to identify potential security risks in application architectures and develop mitigation strategies in collaboration with DevOps and dev teams.
- Security Awareness: Educate development teams about security best practices.
- Incident Response: Participate in incident response activities, including investigation, containment, and remediation of security incidents.
- Software Security Program Management: Use OWASP SAMM to define, measure, and drive Ouster’s software security maturity.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field
- A minimum of 5 years of experience as an Application Security Engineer
- At least 3 years of relevant experience in software engineering or DevOps
- Mastery of Jenkins or another CI/CD system
- Mastery of Linux and Docker
- Experience with system administration and networking
- Strong understanding of application security principles and best practices
- Experience with cloud infrastructure security (e.g., AWS, GCP)
- Experience with CI/CD pipelines (e.g., Jenkins)
- Experience with SAST tools and vulnerability scanners
- Excellent problem-solving and analytical skills
- Strong communication and interpersonal skills
- AppSec certificates preferred
requirements to be the ideal candidate for this role.
Ouster is an Equal Employment Opportunity employer that pursues and hires a diverse workforce. Ouster does not make employment decisions on the basis of race, color, religion, ethnic or national origin, nationality, sex, gender, gender-identity, sexual orientation, disability, age, military status, or any other basis protected by local, state, or federal laws. Ouster also strives for a healthy and safe workplace, and prohibits harassment of any kind. Pursuant to the San Francisco Fair Chance Ordinance, Ouster considers qualified applicants with arrest and conviction records for employment. If you have a disability or special need that requires accommodation, please let us know.