JUUL's mission is to improve the lives of the world’s one billion adult smokers by driving innovation to eliminate cigarettes. JUUL is the number one US-based vapor product. Headquartered in San Francisco and backed by leading technology investors including Tiger Global, Fidelity Investments and Tao Invest LLC, JUUL Labs is disrupting one of the world’s largest and oldest industries.
We’re an exceptional team with backgrounds in technology, healthcare, CPG and biotech, and we’re growing rapidly to deliver on our mission. We’re actively looking to hire the world’s best scientists, engineers, designers, product managers, supply chain experts, customer service and business professionals.
ROLES AND RESPONSIBILITIES:
A Product Security Engineer at JUUL Labs will be responsible for finding and addressing security issues in the solution, particularly the mobile app component, before they impact customers and the company. The candidate will work with mobile application engineering, platform engineering, and QA teams to review security throughout the design and implementation process. The candidate's guidelines and participation in security audits, risk analysis, vulnerability testing and security reviews will help formalize the SDLC (Secure Development Life Cycle) for products at the company. A successful candidate will need a combination of troubleshooting, technical, and communication skills.
- Help ensure JUUL's connected products are implemented to a high security standard
- Develop threat models for the mobile app, particularly in the context of the systems the app interacts with, i.e. various cloud services and BLE-connected consumer devices
- Evaluate security tools for SAST, DAST, OSS, mobile app testing, and cloud-based service vulnerabilities, and integrate these tools into the various engineering teams (e.g. QA, Platform, Mobile App) to promote the SDLC (Secure Development Life Cycle)
- Look for flaws and vulnerabilities in the device firmware, mobile application and cloud services, and suggest mitigations and workarounds
- Provide guidance, documentation, and training on appropriate countermeasures and controls, secure programming practices, testing tools and methodologies, and industry standards for security and vulnerability management such as OWASP, SANS, etc.
- Build tools and scripts to make security testing more efficient and effective
- Work with third-party vendors and partners during penetration testing, architecture consulting and security review engagements
PERSONAL AND PROFESSIONAL QUALIFICATIONS:
- 5+ years of knowledge and experience developing and/or testing mobile apps and core security features on either iOS or Android (or both)
- Strong investigative and analytical problem-solving skills with a passion for learning, breaking into, and reconstructing things
- Experience with system and network security testing
- Understanding of Agile software development methods and familiarity with secure software development lifecycle
- Experience operating and managing security testing tools, especially for mobile app testing
- Knowledge of at least one scripting language
- Strong communication skills, both written and spoken
- BS/MS/PhD in Computer Science, Information Systems, Electrical Engineering, or the equivalent in experience.
- Preferred Certifications: CISSP, CSSLP, AWS Solutions Architect, or equivalent.
JUUL LABS PERKS & BENEFITS:
- A place to grow your career. We’ll help you set big goals - and exceed them
- People. Work with talented, committed and supportive teammates
- Equity and performance bonuses. Every employee is a stakeholder in our success
- Boundless snacks and drinks
- Cell phone subsidy, commuter benefits and discounts on JUUL products
- Excellent medical, dental and vision benefits
- Location. Work in the heart of San Francisco, one of the world’s greatest cities