Staff Application Security Engineer
Hyderabad
Outreach.io
Discover Outreach, the AI sales execution platform. Elevate your sales strategy, engage customers better, and drive results.
Do you have a passion for securing cloud-native environments? Are you interested in creating and defining industry-leading standards and patterns? Would you like the opportunity to work with a world-class engineering team, to train, mentor, and grow a security-focused development culture? Outreach needs a Staff Application Security Engineer who can work with our product engineering teams to drive secure product design, conduct application security reviews, and define the direction for our cloud-native, continuous-deployment application security program.
The ideal candidate has strong application security engineering skills, a background in development or engineering, as well as a deep understanding of application security vulnerabilities and mitigations. This role is focused on building secure systems, rather than breaking -- instead of penetration testing and security review, this role focuses on understanding current security mitigations and applying them to our service portfolio and Secure Development Lifecycle. The right candidate enjoys engaging with developers and takes ownership of improving security processes and technical controls across engineering teams, while also supporting product security feature development.
Starting on day one, you will work with product managers and engineering partners across the organization, and at times, directly with customers. You will help train and collaborate with PMs and engineers to design and implement secure development processes into our CI/CD pipeline to reduce the chance of vulnerabilities in our production code. You will help create a mix of technical training and awareness content, contribute to secure coding standards, and produce position papers and technical specifications for security mitigations and product features.
The primary focus areas for this position are:
- Technical Fluency – A passion for security and technology, familiarity with SecDevOps methodology and containers, SaaS and cloud security solutions and standards, and microservice architectures.
- Advisory Skills – Providing direction, advice and support that helps grow the technical and collaboration skills of the individuals and teams you work with.
- Execution – Planning, coordination, managing dependencies and risks, and diving deep when issues arise. Ability to work with people and drive a program to completion is a must.
Your Daily Adventures Will Include:
- Conduct security reviews and threat models and train engineers on threat modeling techniques and other standard evaluation practices to identify and prioritize risks of potential vulnerabilities and define possible mitigations.
- Develop, document and maintain the security standards and design patterns used by engineers to deliver consistent, secure code and features.
- Research the threat landscape, regulatory considerations, and customer requirements relevant to Outreach’s business, and recommend solutions to address known and potential threats by defining and applying appropriate security requirements.
- Review product code for security vulnerabilities, both manually and with the assistance of automated tooling such as SAST, DAST, and SCA tools.
- Participate in customer calls to provide guidance and education on how to securely use and deploy the Outreach platform.
- Ensure strong cross-company collaboration by fostering a close partnership between security and engineering teams with the goal of increasing customer trust in Outreach and its products.
Our Vision of You:
- A minimum of 3 years’ experience as a senior or principal application security engineer or architect.
- Deep experience in application security programs, including threat modeling, secure coding best practices, identifying vulnerabilities and secrets in code, and coordinating remediations in a cloud-native SaaS environment.
- Familiarity with modern application security issues and mitigation techniques is essential.
- Experience creating reference architectures, engineering specs, and data flow diagrams. Experience with customer-facing content is a plus.
- Experience performing code reviews to identify security vulnerabilities.
- Proven success working with engineers and technologies in cloud-native, DevOps environments (including CI/CD pipelines, microservices, and infrastructure as code).
- Strong track record of partnering and collaborating with engineers and producing formal documentation to communicate program effectiveness to leadership.
- Experience evaluating and implementing third-party tools and services to support an effective SDL program.
- Experience mentoring and training others in application security principles and practices.
- Excellent interpersonal and management skills.
- Strong written and verbal communication skills. Experience working with customers or customer-facing teams is a plus.
- Flexibility to have up to 2 hours per day in US Pacific time zone working hours to allow for interaction with Seattle and Prague-based teams.
- Ability to work independently and flexibly to succeed within Outreach’s dynamic culture.
- Highly competitive salary
- 25 days annual vacation time + sick time and casual leave
- Group medical policy coverage available to employees and up to 5 eligible family members
- OPD benefit covered up to INR 10,000
- Life insurance and personal accident insurance at 3x annual CTC
- 26 weeks of maternity leave pay, and 15 days of paternity leave pay
- Opportunity to be part of company success via the RSU program
- Diversity and inclusion programs that promote employee resource groups like OWN+ (Outreach Women's Network), Adelante (Latinx community), OBX (Outreach Black Connection), Mosaic (AAPI community), Pride (LGBTQIA+), Gender+, Disability Community, and Veterans/Military
- Employee referral bonuses to encourage the addition of great new people to the team
- Fun company and team outings because we play just as hard as we work
Our success is reliant on building teams that include people from different backgrounds and experiences who can elevate assumptions and ideas with fresh perspectives. We're dedicated to hiring the whole human, not just a resume. To that end, we look for a diverse pool of applicants, including those from historically marginalized groups. We would like to invite you to apply even if you don't think you meet all of the requirements listed below. We don't want a few lines in a job description to get between us and the opportunity to meet you.
Tags: Application security CI/CD Cloud DAST DevOps Microservices Okta Pentesting Product security SaaS SAP SAST Snowflake Strategy Vulnerabilities
Perks/benefits: Career development Competitive pay Health care Insurance Medical leave Parental leave Team events