Kandji is the Apple Device Management and Security Platform. Kandji empowers companies to manage and secure Apple devices in the enterprise and at scale. By centrally securing and managing Mac, iPhone, iPad, and Apple TV devices, IT and InfoSec teams can save countless hours of manual, repetitive work with features like one-click compliance templates and more than 150 pre-built automations, apps, and workflows.

Device Harmony is our vision for tearing down the wall between IT and InfoSec to keep every Apple user secure and productive, using connected intelligence and automation. By choosing a career with Kandji, you will play an integral role in contributing to making our vision a reality. Backed by world-class investors such as Tiger Global, Greycroft, B Capital Group, Okta Ventures, the Spruce House Partnership, and First Round Capital, Kandji has raised over $100+M in capital to date.

Trusted by industry leaders, Kandji’s rapidly growing customer base includes companies like Ramp, Notion, Netskope, Noom, Turo, Groupon, VoxMedia, and more.

Recognized for its award-winning products, Kandji was recently named the #1 fastest-growing app in Okta’s 2023 Businesses at Work Report and a G2 Best Software 2023 Award Winner for Fastest Growing Products!

The Opportunity

The Staff Security Engineer, AppSec will play a critical role in safeguarding Kandji’s products and infrastructure by designing security programs, conducting thorough threat modeling, managing vulnerabilities, and embedding secure development practices. This role will work closely with product managers, engineering teams, and cross-functional stakeholders to ensure security is a foundational component of all our initiatives.

How you will make a difference

Threat Modeling: Lead the development of comprehensive threat models for new and existing products to identify, assess, and mitigate security risks.
Vulnerability Management: Establish and manage a vulnerability management lifecycle for our applications, ensuring timely detection, reporting, and remediation of security vulnerabilities.
Security Programs: Design and implement application security programs focused on building security into the software development lifecycle (SDLC) and establishing secure coding practices.
Collaboration with Engineering: Partner with product and engineering teams to integrate security requirements into architectural designs and development processes.
Security Audits & Assessments: Conduct regular security assessments of applications and infrastructure, focusing on identifying areas of weakness and recommending actionable improvements.
Security Incident Response: Support the incident response team in application-related security incidents by providing expertise on containment, eradication, and post-incident analysis.
Security Awareness: Mentor and coach engineering teams on security best practices and create security awareness initiatives tailored to the development environment.
Automation & Tooling: Drive the adoption of security automation, including code scanning, security testing, and CI/CD pipeline integration to streamline security processes.

We’d love to hear from you if you have

Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.
8+ years of experience in application security, preferably within a SaaS environment.
Strong proficiency in threat modeling, secure coding practices, vulnerability management, and incident response.
Hands-on experience with security tools such as static/dynamic analysis tools (SAST, DAST), penetration testing tools, and CI/CD pipeline integration.
Familiarity with modern programming languages (e.g., Python, JavaScript, Go) and cloud platforms (e.g., AWS, GCP, Azure).
Industry certifications such as CISSP, OSCP, or CEH are a plus.
Required to work on-site 3 days a week (Tuesday, Wednesday, Thursday) in San Francisco or 4 days a week (Monday through Thursday) in Miami. Managers may require additional on-site days.

Competencies

Technical Leadership: Demonstrated ability to lead and guide teams in the development and execution of security initiatives.
Threat Analysis: Strong understanding of threat modeling techniques, application security risks (OWASP Top Ten), and secure coding practices.
Risk Management: Expertise in managing security vulnerabilities and threats through identification, prioritization, and mitigation strategies.
Communication: Excellent communication skills to effectively collaborate with cross-functional teams, present complex security concepts, and advocate for secure design practices.
Innovation & Problem Solving: Creative thinker with the ability to develop novel security solutions in response to emerging threats and vulnerabilities.
Continuous Improvement: Strong commitment to staying up-to-date with evolving security standards and best practices, and a passion for continuous learning and improvement.

These requirements are for the strongest, ideal candidate. Even if you do not outperform every bullet point, Kandji encourages you to apply. We promote a diverse, equitable, and inclusive culture and recognize that even the strongest candidates won’t have all desired experiences and qualifications.

Benefits & Perks

• Competitive salary

• 100% individual and dependent medical + dental + vision coverage

• 401(k) with a 4% company match

• 20 days PTO

• 14 paid holidays per year

• 10 health and wellness days per year

• Kandji Wellness Week Off July 1 - July 5, 2024

• Equity for full-time employees

• 12 weeks of paid leave for new parents

• Paid Family and Medical Leave

• Modern Health - Mental Health Benefits - Individual and Dependents

• Monthly Utilities stipend

• Gym Membership

• Lunch 3 Days/Week

• Exciting opportunities for career growth

• An outstanding, inclusive culture

We are excited to be serving a significant need for a fast-growing market, and are proud of the high-performing team we have brought together so far. If you’re someone who wants to engage in new, exciting projects that will challenge your skills in the best way possible, we would love to connect with you.

At Kandji we believe in fostering an inclusive environment in which employees feel encouraged to share their unique perspectives, leverage their strengths, and act authentically. We know that diverse teams are strong teams, and welcome those from all backgrounds and varying experiences.

Kandji is proud to be an equal opportunity employer committed to diversity and inclusion in the workplace. Qualified applicants will be considered for employment without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity, physical or mental disability, protected veteran or military status or any other status protected by applicable law.

Apply now

See more open positions at Kandji