Leveraging space technology to improve life on Earth
Satellogic is a leading provider of high resolution satellite imagery to governments and commercial customers worldwide. Our low-Earth-orbit satellite constellation and product platform deliver imagery data at the right cost. Satellogic’s satellite engineers, operators and product specialists are on a mission to deliver a fundamentally better picture of our planet and the many forces that reshape it every day.
Today, we are a global company with more than 250 employees in over 9 countries, at an inflection point in terms of growth and scale. We value team members with a sense of purpose who push the limits, get things done, and never stop learning — all while being humble, honest, and empathetic.
About the Job
For this role in the Information Security Team we are looking for someone who is passionate about adding security controls to our software development life cycles. This person will be responsible for assessing that the technology we develop is up to date with industry standards for maintaining confidentiality, integrity and availability.
The ideal candidate is looking to show and technically explain the security weaknesses identified when developing technology, how attackers could take advantage of them and provide security education to teams to mitigate these risks.
As a Senior Application Security Engineer, you will be responsible for:
- Integrating security knowledge and expertise into the current technology development lifecycles. This includes performing threat modeling, code reviews and vulnerability assessment.
- Assisting each stakeholder as to the best approaches to mitigate the identified risks.
- Following a software security initiative maturity model, constantly improving the processes associated with developing technology securely.
- Design, build and maintain, in collaboration with the Platforms and Infrastructure team, solutions that add support into our SDLC processes, constantly automating repetitive tasks identified throughout the different initiatives. This includes Static and Dynamic Code Analysis, among others.
- Document and share internally security best practices for technology development.
- Being the main point of contact (and subject matter expert) between application and hardware development and the Information Security teams.
Required skills and experience:
- At least 5 years of experience doing application pentesting, source code audits, architectural reviews, or similar security services. Although we appreciate and value security scanners, we will require scanner-less experience performing assessments.
- Strong familiarity with SDLC processes, source control and CI/DI pipelines. Experience with maturity models (eg. BSIMM) is a plus.
- Advanced programming skills: high level languages like Python, Ruby, Go.
- Intermediate skills: low level languages like C, C++, ASM.
- Strong knowledge of cryptography, secure protocols and vulnerabilities introduced by misusing this technology.
- Strong knowledge of Identity Access Management protocols (e.g. SAML, OAuth, OIDC, etc.) and products, and how to implement authentication and authorization securely.
- Solid understanding of networking protocols, security architectures and products.
- Knowledge of cloud infrastructure (AWS, GCP) from an attacker’s perspective.
- Advanced use and administration of Windows and Unix operating systems.
What we value
- Demonstrated mindset of thinking like an attacker.
- Solid communication skills and the ability to clearly articulate complex ideas and plans.
- Advanced English proficiency.
- Purpose-driven, resourceful and able to deliver results autonomously.
- Respect and support for all employees.
- Ability to understand and manage differences and discrepancies by making decisions and proposing alternative solutions.