Security Engineer

Company: Tulip
Location: Somerville
Posted on: August 7, 2022

Job Description:

Tulip , the Frontline Operations Platform, is empowering the world's leading companies to improve the productivity of their teams, the quality of their output, and the efficiency of their operations. With Tulip's no-code platform, companies can empower those closest to operations to digitally transform their facilities and gain real-time visibility into the people, machines, and processes involved --all in a matter of days. - Companies of all sizes, across industries including consumer electronics, aerospace and defense, contract manufacturing, automotive, apparel, medical devices, and more, have implemented Tulip's intuitive platform to solve some of the most pressing challenges in manufacturing: error-proofing processes with guided workflows, integrating machines and devices at the edge, and capturing and analyzing real-time operational data. A spinoff out of MIT, the company is headquartered in Somerville, MA, with offices in Germany and Hungary. It has been recognized as an MES Challenger on the 2021 Gartner Magic Quadrant, Frost and Sullivan Entrepreneurial Company of the year, and a World Economic Forum Technology Pioneer. - About You:

• You have a passion for security
• You are a team player, and enjoy collaborating with cross-functional teams
• You are a great communicator
• You employ a flexible and constructive approach when solving problems
• You share our values, and work in accordance with those values
• You are positive and solution oriented What skills do I need? -
  • Familiar with common security libraries, security controls, and common security flaws
  • Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
  • Knowledge of common authentication technologies including OAuth, OpenID Connect, SAML, X.509 certificate authentication, OTP/TOTP.
  • Knowledge of browser-based security controls such as CSP, HSTS, CORS.
  • Experience with standard web application security tools such as Metasploit, OWASP ZAP, nmap and Kali Linux.
  • Integrate security testing (OWASP top 10, etc) with Tulip's CI/CD framework - security testing as part of our SDLC.
  • Evaluate security vulnerabilities submitted by third parties.
  • Educate other developers on secure coding best practices - creating security-focused materials and leading engineer/employee training sessions. Key Responsibilities:
    • Risk Management
      • Perform vulnerability management and be a subject matter expert (SME) for mitigation approaches.
      • Tulip product development
        • Make decisions related to architecture, authentication and system security with a focus on continuously improving product security
        • Consult with other Developers and Product Managers to analyze and propose application security standards, methods, and architectures.
        • Develop automated security testing to validate that secure coding best practices are being used.
        • Code quality
          • Proactively identify and reduce security risks.
          • Find and remove outdated and vulnerable code and code libraries.
          • Conduct risk evaluation of Tulip product features.
          • Conduct application security reviews, including code review and dynamic testing.
          • Evaluate and help remediate issues found by source code and container image scans.
          • Performance & Scalability: Write code that is not only secure but scales to a large number of users and systems
          • Develop security training and socialize the material with internal development teams. Key Collaborators:
            • Engineering
            • DevOps Working At Tulip We are building a strong, diverse team that values hard work, families, and personal well-being. - Benefits of working with us include:
              • Direct impact on product and culture
              • Company equity
              • Competitive benefits package including Health, Dental, Vision, Short-term Disability, Long-term Disability, Life Insurance, Commuter Benefits, Parental Leave, and 401k
              • Flexible work schedule and unlimited vacation policy
              • Virtual company events and happy hours
              • Fitness subsidies We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Help us build an inclusive community that will transform manufacturing.

Keywords: Tulip, Somerville , Security Engineer, Engineering , Somerville, Massachusetts