Lookout is a cybersecurity company that makes it possible for individuals and enterprises to be both mobile and secure. With 100 million mobile sensors fueling a dataset of virtually all the mobile code in the world, the Lookout Security Cloud can identify connections that would otherwise go unseen -- predicting and stopping mobile attacks before they do harm. The world’s leading mobile network operators, including AT&T,  Deutsche Telekom, EE, KDDI, Orange, Sprint, T-Mobile and Telstra, have selected Lookout as its preferred mobile security solution. Lookout is also partnered with such enterprise leaders as AirWatch, Ingram Micro and MobileIron. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C. To learn more, visit www.lookout.com.

About the job:

Lookout’s users and product developers trust our Information Security team to provide them with the most secure experience. We're looking to hire Application Security Engineers to ensure that our products are designed and implemented in the highest security standards. You will have incredible communication skills and experience analyzing products from a security perspective.

You immerse yourself in all aspects of security, especially as it relates to building secure microservice-based cloud products, DevSecOps and stopping attacks in the cloud.  You are looking for an opportunity that will try your technical skills and challenge your creativity. You are ready to face a wide range of security questions, many of which have not been considered before.  Production servers, networks, endpoint devices, and data are safe in your hands. You are a subject matter expert who wants to implement tactical solutions and contribute to innovative solutions to big picture issues.


Responsibilities:

You’ll be tasked with improving security across all aspects of Lookout.  The infrastructure, mostly in Amazon Web Services, will run complex highly security-sensitive services, and at significant scale.  You will be challenged every day.

  • Push the boundaries of security technology to create defenses for large scale production infrastructure and networks.
  • Provide subject matter expertise on network architecture, DevSecOps, building secure software and implementation security controls in an Agile environment
  • Perform security assessments of production, corporate and cloud infrastructures
  • Define and implement network access control policies, automation and technical controls
  • Harden our infrastructure from attack by implementing strong Agile Security Development Lifecycle (SDL) tools and processes
  • Define and implement innovative monitoring and alerting systems to enable detection of intrusions
  • Provide training to engineering teams on application security related topics.
  • Build frameworks to provide secure defaults to engineering teams and tools that will automatically scan and detect security problems.
  • Evangelize security within Lookout.
  • Create services and tools to manage the security of our infrastructure

Requirements:

  • BS in Computer Science, Computer Engineering of Electrical Engineering
  • 8 + years of practical experience with security architecture, design and implementation in large scale products and cloud infrastructure
  • Experience in a DevOps and Security (DevSecOps) focused environmentHands on experience with AWS and AWS security controls (IAM, Lambda, Cloudtrail, KMS)
  • Experience with writing and using network automation tools, and scripting languages (ruby/python preferred)
  • Software development experience, and deep familiarity with Secure Development Lifecycles
  • Expert knowledge of Linux operating systems
  • Expert knowledge of cryptographic protocols
  • Security Certifications are a plus
  • Familiarity with compliance frameworks and standards (FedRamp, PCI, etc.) is preferred

Desired qualifications and skills:

  • 1+ years of experience in application security related field (code reviews, application penetration testing, security engineering).
  • An expert in two or more of the following domains: cryptography, authentication and security protocols, web application security, mobile application security, cloud based services, and threat modeling.
  • Development experience in Ruby or Java.
  • Excellent written and verbal communication skills.
  • Excellent teamwork and leadership skills.