Esri, Inc.

Software Security Engineer

Job Category 
ArcGIS Product Engineering
Job ID 


Do you enjoy immersing yourself in the continually evolving world of cybersecurity? In this role, you'll work with product and development teams to design and build secure solutions, and you'll participate in and coordinate penetration testing activities. You will ensure that our services, applications, and websites are designed and implemented to the highest security standards. You will also be responsible for analyzing the security of applications and services, discovering and addressing security issues, solving security challenges brought to us by security researchers and customers, and quickly reacting to new threat scenarios.


To be successful in this role, you will need a strong curiosity about exploring and testing software with unintended use cases and improving the ability of software to withstand attacks.



  • Participate in product security incident response efforts, including interactions with technical support, engineering, and development teams on a regular basis 
  • Facilitate identification of relative risk, mitigation/remediation options, and prioritization of resolution
  • Advance the product security lab and facilitate product security validation efforts through component, static, and dynamic analysis tools
  • Mitigate vulnerability of Esri’s products through testing, identifying, and solving security issues 
  • Enable FedRAMP authorization and compliance efforts for large cloud-based services requiring establishing new processes, procedures, and validation efforts within Esri’s DevOps teams
  • Foster communication of best practices, guidance, and training for development teams as well as customers 
  • Develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices
  • Perform application security reviews and penetration testing as well as project/research work as needed
  • Lead security training and outreach to internal development teams as needed
  • Provide security guidance documentation and security tool development; facilitate delivery and improvement of security metrics


  • 1+ years of experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration, and network security
  • Intermediate knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security
  • Experience with various platform architectures including server, desktop, mobile, Linux, and Windows
  • Experience testing middleware software components using core Java, Servlets, JSP, EJBs
  • Fundamental understanding of web services including SOAP and REST
  • Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge 
  • Bachelor's in computer science or related field, or equivalent work experience, depending on position level 

Recommended Qualifications:

  • Ability to read and understand (debug) code written by others in order to troubleshoot and determine a root cause
  • Good understanding of cloud computing platforms and services
  • Knowledge of common application security and code analysis tools
  • Extensive knowledge of the OWASP Top 10 and CWE Top 25
  • Experience implementing security solutions at the business division level
  • Experience exploiting web and web services security vulnerabilities including cross-site scripting, CSRF, SQL injection, XML/SOAP and API attacks
  • An understanding of network and web-related protocols such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing
  • Information security certifications (GPEN, OSCP, OSCE, OSWE, CEH, SSCP)

The Company

Our passion for improving quality of life through geography is at the heart of everything we do. Esri’s geographic information system (GIS) technology inspires and enables governments, universities, and businesses worldwide to save money, lives, and our environment through a deeper understanding of the changing world around them.


Carefully managed growth and zero debt give Esri stability that is uncommon in today's volatile business world. Privately held, we offer exceptional benefits, competitive salaries, 401(k) and profit-sharing programs, opportunities for personal and professional growth, and much more.


Esri is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.