Qualtrics is a single system of record for all experience data, also called X-data™, allowing organizations to manage the four core experiences of business—customer, product, employee and brand experiences—on one platform. Over 8,500 enterprises worldwide, including more than 75 percent of the Fortune 100 and 99 of the top 100 U.S. business schools, rely on Qualtrics.
As Qualtrics continues to extend the Experience Management (XM) platform, we must ensure that we’re protecting our customers and their data by delivering and operating secure systems. Hundreds of software engineers contribute to Qualtrics XM every day. We need a top notch application security program which enables developers to deliver secure code, effectively identifies and remediates security vulnerabilities, and keeps up with our growing scale.
Qualtrics is looking for an experienced security engineer ready to take our appsec program to the next level and to contribute to our success.
A Day in the Life
- Review source code and use penetration testing techniques to identify or validate vulnerabilities in Qualtrics products
- Document and improve secure SDLC processes
- Deliver training to engineers on security topics and provide mentoring
- Implement security testing tools and methodologies (e.g., SAST, DAST) in collaboration with other engineering teams
- Coordinate penetration tests, bug bounties, and other security assessments performed by third parties
- Coordinate with security champions and other engineers to ensure successful and timely remediation of vulnerabilities
- Automate redundant tasks related to detection and reporting of vulnerabilities, suspicious application activity, coordination of response activities, etc.
- Facilitate threat modeling exercises to ensure correct security design decisions are being made
The Expectation for Success
This engineer will work effectively across the Qualtrics engineering organization, providing reliable technical security expertise on application security issues and applying a collaborative approach to solving problems and prioritizing security work. He or she will seek to streamline and automate processes in order to deliver maximum results with minimal effort across the organization. A passion for security will be demonstrated through ongoing learning and independent action.
Skills That Will Lead to Success
- Bachelor’s degree in Computer Science or related discipline
- At least four years developing web or backend applications
- Sound understanding of app security vulnerabilities, defense techniques and security best practices, including language-specific security measures and current-day threats
- Experience with modern application development languages and frameworks
- Prior experience leading application security efforts for an organization and/or fulfilling the typical job activities described above