Duo Security | Senior Application Security Engineer | Ann Arbor, MI or Austin, TX | ONSITE | https://duo.com/
We are Duo, and we’re here to democratize security for everyone. Our mission is to protect the mission of our customers like Facebook, Twitter, and Etsy by making security simple. We’re a diverse crew of makers and builders, skaters and coders, filmmakers and DJs, teachers and students brought together by a shared belief in adding value to the world. This diversity allows us to bring an empathetic approach to solve some of the most complex global business and security challenges we face today.
What you’ll do…
- Perform security activities, including security design reviews, threat modeling, code auditing, and security assessments on internally & externally developed software.
- Support product security issue triage, help coordinate 3rd-party security assessments, provide ad-hoc technical security expertise to product, sales, & engineering teammates.
- Create and maintain application security development policies, procedures & standards.
Skills you have…
- You have a strong understanding of many vulnerability classes impacting a variety of languages, with an expertise towards Python, JavaScript, Java, C, C#, and Objective-C.
- You’re comfortable manually auditing code for vulnerabilities, using static & dynamic code analysis tools, building custom security tools, and bootstrapping test environments.
- You understand security engineering principles, and how to seriously consider when a “best practice” may not be, in fact, the best choice or positively impact actual security.
Don't forget that Duo Security's mobile application supports Google Authenticator (and any other TOTP-enabled service). It also has already been working on iOS 7 for weeks.
Great move by the GitHub team! Glad to see they went with TOTP rather than SMS-only. As they mentioned on their site, Duo Security's mobile application supports TOTP and we'll have an Octocat logo in soon :)
Most of our integrations allow for a configuration of "failmode" that allows for deciding how to handle unreachable/bad configuration scenarios. From our docs: "On service or configuration errors that prevent Duo authentication, fail 'safe' (allow access) or 'secure' (deny access). The default is 'safe'." Check https://www.duosecurity.com/docs/duounix for an example of this in actual documentation. Great question!
In terms of SSH, one of the features of Duo is that you can have many methods of authentication... push to phone, phone call, SMS, YubiKey, etc. -- having that list allows you to pick how upon login.
We're definitely a SaaS provider so going through us is part of our service -- this also allows us to handle things such as telephony needs, push notifications, etc. for customers.
In terms of technical information, is there a specific feature or technology you're interested in knowing more about?
Thanks again for releasing this, we're always excited to promote open-source work and release as much of our own as possible, https://github.com/duosecurity
Thanks for the amazing feedback, we're extremely happy you enjoy Duo so much. Please keep in touch if there's anything we can do to help make your experience with Duo better; we're always working hard on new integrations and platform features.
Interested? Apply at https://duo.com/about/careers/job/804997 today!