JUUL's mission is to improve the lives of the world’s one billion adult smokers by driving innovation to eliminate cigarettes. JUUL is the number one US-based vapor product. Headquartered in San Francisco and backed by leading technology investors including Tiger Global, Fidelity Investments and Tao Invest LLC, JUUL Labs is disrupting one of the world’s largest and oldest industries.
We’re an exceptional team with backgrounds in technology, healthcare, CPG and biotech, and we’re growing rapidly to deliver on our mission. We’re actively looking to hire the world’s best scientists, engineers, designers, product managers, supply chain experts, customer service and business professionals.
ROLES AND RESPONSIBILITIES:
A Product Security Engineer - Mobile App Platform at JUUL Labs will be responsible for delivering secure development and testing guidelines for products, with a focus on the mobile app component. You will work with mobile application engineering and product teams to review security throughout the design and implementation process. Your guidelines and participation in security audits, risk analysis, vulnerability testing and security reviews will help formalize the SDLC (Secure Development Life Cycle) for products at the company. A successful candidate will need a combination of troubleshooting, technical, and communication skills.
- Help ensure JUUL's connected products are implemented to a high security standard
- Develop threat models for the mobile app, particularly in the context of the systems the app interacts with, i.e. various cloud services and BLE-connected consumer devices
- Evaluate security tools for SAST, DAST, OSS, mobile app testing, and cloud-based service vulnerabilities, and integrate these tools into the various engineering teams (e.g. QA, Platform, Mobile app) to promote the SDLC (Secure Development Life Cycle)
- Search for new vulnerabilities in the device firmware, mobile application and cloud services, and suggest mitigations and workarounds
- Provide guidance, documentation, and training on appropriate countermeasures and controls, secure programming practices, testing tools and methodologies, industry standards for security and vulnerability management such as OWASP, SANS, CWE, CWSS, CVE, CVSS, etc.
- Build tools and scripts to make security testing more efficient and effective
- Work with third-party vendors and partners during penetration testing, architecture consulting and security review engagements
PERSONAL AND PROFESSIONAL QUALIFICATIONS:
- 5+ years of knowledge and experience working with core security features on either iOS or Android (or both)
- Strong investigative and analytical problem-solving skills
- Minimum of 2 years of experience with a majority of the following:
  - system and network security testing
  - threat modeling
  - secure coding
  - penetration testing
  - security testing and reviews within cloud implementations, e.g. AWS/Azure
- Understanding of Agile software development methods and familiarity with enterprise productivity tools such as JIRA and Confluence
- Experience operating and managing security testing tools, esp. for mobile app testing
- Mobile app development skills and experience a plus
- Strong communication skills, both written and spoken
- Knowledge of at least one scripting language
- BS/MS/PhD in Computer Science, Information Systems, Electrical Engineering, or the equivalent in experience
- Preferred certifications: CISSP, CSSLP, AWS Solutions Architect, or equivalent
JUUL LABS PERKS & BENEFITS:
- A place to grow your career. We’ll help you set big goals - and exceed them
- People. Work with talented, committed and supportive teammates
- Equity and performance bonuses. Every employee is a stakeholder in our success
- Boundless snacks and drinks
- Cell phone subsidy, commuter benefits and discounts on JUUL products
- Excellent medical, dental and vision benefits
- Location. Work in the heart of San Francisco, one of the world’s greatest cities