Staff Security Engineer, AppSec

About Kandji

Kandji is the Apple device management and security platform that empowers secure and productive global work. With Kandji, Apple devices transform themselves into enterprise-ready endpoints, with all the right apps, settings, and security systems in place. Through advanced automation and thoughtful experiences, we’re bringing much-needed harmony to the way IT, InfoSec, and Apple device users work today and tomorrow.

Some of the smartest money in tech has partnered with Kandji to realize our vision, including Tiger Global, Felicis, Greycroft, First Round Capital, and Okta Ventures. In July 2024, Kandji raised $100 million in capital from General Catalyst, bringing Kandji’s valuation to $850 Million.

Since Kandji’s Series C in 2021, the company has seen a 600%+ increase in annual recurring revenue, and its customer base has grown nearly 4X across 40+ industries. Notable customers include Allbirds, Canva, and Notion, and the company has partnerships with such industry giants as ServiceNow, AWS, and Okta.

Kandji was also named to Forbes’ Next Billion Dollar Startup List 2023 and recognized as a top venture-backed startup with the potential to reach unicorn status.

The Opportunity

The Staff Security Engineer, AppSec will play a critical role in safeguarding Kandji’s products and infrastructure by designing security programs, conducting thorough threat modeling, managing vulnerabilities, and embedding secure development practices. This role will work closely with product managers, engineering teams, and cross-functional stakeholders to ensure security is a foundational component of all our initiatives.

• Threat Modeling: Lead the development of comprehensive threat models for new and existing products to identify, assess, and mitigate security risks.
• Vulnerability Management: Establish and manage a vulnerability management lifecycle for our applications, ensuring timely detection, reporting, and remediation of security vulnerabilities.
• Security Programs: Design and implement application security programs focused on building security into the software development lifecycle (SDLC) and establishing secure coding practices.
• Collaboration with Engineering: Partner with product and engineering teams to integrate security requirements into architectural designs and development processes.
• Security Audits & Assessments: Conduct regular security assessments of applications and infrastructure, focusing on identifying areas of weakness and recommending actionable improvements.
• Security Incident Response: Support the incident response team in application-related security incidents by providing expertise on containment, eradication, and post-incident analysis.
• Security Awareness: Mentor and coach engineering teams on security best practices and create security awareness initiatives tailored to the development environment.
• Automation & Tooling: Drive the adoption of security automation, including code scanning, security testing, and CI/CD pipeline integration to streamline security processes.

• Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.
• 8+ years of experience in application security, preferably within a SaaS environment.
• Strong proficiency in threat modeling, secure coding practices, vulnerability management, and incident response.
• Hands-on experience with security tools such as static/dynamic analysis tools (SAST, DAST), penetration testing tools, and CI/CD pipeline integration.
• Familiarity with modern programming languages (e.g., Python, JavaScript, Go) and cloud platforms (e.g., AWS, GCP, Azure).
• Industry certifications such as CISSP, OSCP, or CEH are a plus.
• Required to work on-site 5x a week in our Miami office (Coral Gables).

• Technical Leadership: Demonstrated ability to lead and guide teams in the development and execution of security initiatives.
• Threat Analysis: Strong understanding of threat modeling techniques, application security risks (OWASP Top Ten), and secure coding practices.
• Risk Management: Expertise in managing security vulnerabilities and threats through identification, prioritization, and mitigation strategies.
• Communication: Excellent communication skills to effectively collaborate with cross-functional teams, present complex security concepts, and advocate for secure design practices.
• Innovation & Problem Solving: Creative thinker with the ability to develop novel security solutions in response to emerging threats and vulnerabilities.
• Continuous Improvement: Strong commitment to staying up-to-date with evolving security standards and best practices, and a passion for continuous learning and improvement.

Benefits & Perks

 • Competitive salary

 • 100% individual and dependent medical + dental + vision coverage

 • 401(k) with a 4% company match

 • 20 days PTO

 • Kandji Wellness Week the first week in July

 • Equity for full-time employees

 • Up to 16 weeks of paid leave for new parents

 • Paid Family and Medical Leave

 • Modern Health - Mental Health Benefits - Individual and Dependents

• Fertility Benefits

 • Working Advantage Employee Discounts

 • Free onsite fitness center

 • Free parking

 • Lunch 5 days/week

 • Exciting opportunities for career growth

 • An outstanding, inclusive culture

We are excited to be serving a significant need for a fast-growing market, and are proud of the high-performing team we have brought together so far. If you’re someone who wants to engage in new, exciting projects that will challenge your skills in the best way possible, we would love to connect with you.

At Kandji we believe in fostering an inclusive environment in which employees feel encouraged to share their unique perspectives, leverage their strengths, and act authentically. We know that diverse teams are strong teams, and welcome those from all backgrounds and varying experiences.

Kandji is proud to be an equal opportunity employer committed to diversity and inclusion in the workplace. Qualified applicants will be considered for employment without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity, physical or mental disability, protected veteran or military status or any other status protected by applicable law.