Senior Security Engineer

This is a good match for ITSG readers moving deeper into security engineering: it blends purple-team testing, vulnerability management, incident response, and collaboration with platform and SOC engineers. What you would work on: • Research emerging threats across the surface web, dark web, and deep web • Build threat models, conduct threat hunts, and plan and execute purple team engagements • Coordinate internal red team testing operations that emulate a threat actor • Collaborate with application development teams, platform engineers, and Security Operations Center (SOC) engineers to improve our offensive and defensive security controls • Contribute to vulnerability testing and analysis as well as incident response and analysis • Include testing for web, mobile, CLI, and desktop application security issues across our multi-product portfolio, including Bitwarden Password Manager, Secrets Manager, and Passwordless.dev, our APIs, serverless functions, and database Good fit if: • Experience with Penetration Testing Tools, such as Burp Suite, NMAP, Nessus, Metasploit, Kali Linux, SQLMap, Owasp ZAP, and manual testing tools • In-depth knowledge of leading vulnerability management tools and strategies • In-depth understanding and usage of application security testing technologies is a plus • Understanding of authentication concepts, including OpenIDConnect, SAML, OAuth, and SSO flows • Strong working knowledge of vulnerability management tools, data and network security technologies Curated from Bitwarden Greenhouse for IT Support Group readers. This is an external listing; use the apply link for the source listing and latest details.