Senior Application Security Engineer

LogicMonitor

Pune, India

#6039721

Position summary

gicMonitor is an equal opportunity employer. We deeply care about our employees' well-being, creating an environment where everyone feels valued and respected. We celebrate the diversity of our team and are committed to fostering a culture of inclusivity. When you join LogicMonitor, you're not just an employee to us, but a valued member of our community. Come as you are, be yourself, and let's grow together.

To learn more about life at LogicMonitor, check out our Careers Page .

What You'll Do:

LM Envision, LogicMonitor's leading hybrid observability platform powered by AI, helps modern enterprises gain operational visibility into and predictability across their IT stacks, so they can continue to deliver extraordinary employee and customer experiences. LogicMonitor has a layered approach to intelligence, where AI and Machine Learning is baked into every facet of the LM Envision platform to help IT teams improve efficiency, minimize alert fatigue, proactively predict trends, and maximize enterprise growth and transformation.

Our customers love LogicMonitor's ability to bring cloud and traditional IT together into one view, as seen in minimal churn rates, expansion business, and exciting new customer references. In fact, LogicMonitor has received the highest Net Promoter Score of any IT Infrastructure Management provider. LogicMonitor also boasts high employee satisfaction. We have been certified as a Great Place To Work®, and named one of BuiltIn's Best Places to Work for the sixth year in a row!

LogicMonitor's InfoSec Team is the backbone of trust that our customers depend on day after day. The Senior Application Security Engineer will help drive and evolve LogicMonitor's AppSec and Bug Bounty programs. You will be responsible for analyzing/investigating/validating the security of the engineering development owned applications and creating and continuously improving the bug bounty program. You will work with a global software engineering team, product team, and product security team.

Here's a closer look at this key role:

  • Manage and continuously improve the external bug bounty program, including setting program scope, rules of engagement, and incentives for researchers to participate.

  • Triage reported vulnerabilities from the bug bounty program, prioritize them based on risk and impact assessments, and coordinate with internal development teams for timely resolution.

  • Regularly evaluate the performance and results of the bug bounty program, identify areas for improvement, and implement enhancements to mature the program over time.

  • Collaborate with external bug bounty platforms or vendors to ensure the program's effectiveness and efficiency.

  • Actively engage with external security researchers, fostering a collaborative relationship to encourage their participation in the bug bounty program and to facilitate effective communication throughout the vulnerability disclosure process.

  • Conduct manual verification of security issues identified through automated scans, manual tests or reported by external researchers to validate their severity and impact.

  • Collaborate with cross-functional teams to prioritize and address identified vulnerabilities based on risk and impact assessments.

  • Track and report on the status of vulnerability remediation efforts, including providing regular updates to stakeholders.

  • Stay informed about emerging security threats, industry best practices, and relevant regulations to continuously improve the effectiveness of our vulnerability management program. Experience with Security and Privacy threat modeling new features.

  • Analyze vulnerabilities and proactively target root causes by creating tools for codebase scanning, establishing effective patterns and systems, and enhancing security training for engineers.

  • Assist teams in threat modeling and cultivating a security mindset for their features, leveraging dedicated security expertise to complement the existing skills of our engineers.

  • Investigate user security issues, utilizing product knowledge and logs to understand incidents and proposing improvements to monitoring for quicker detection of similar issues

What You'll Need:

  • 5+ years experience with Application security
  • Experience with application security standards such as OWASP ASVS/Top 10, CWE 25.
  • Experience with common security libraries, security controls, and common security flaws.
  • Outstanding collaboration and partnership skills, with proven ability to drive results across teams.