Principal Security Engineer at Endor Labs

Bengaluru, Karnataka, India

Compensation: Not Specified
Experience Level: Expert & Leadership (9+ years), Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Cybersecurity, Software Security

Requirements

The Principal Security Engineer should possess hands-on engineering experience, including writing production code and securing modern systems, along with a full-spectrum mindset encompassing attacker and architect perspectives. Experience with cloud-native stacks (Azure, GCP), endpoint management, identity systems (SSO, MDM), and secure SaaS use is required, and experience securing internal and external AI/ML usage is highly desirable. Strong understanding of real-world threat models and risk reduction is also necessary.

Responsibilities

As the Principal Security Engineer, you will partner with engineering teams to design secure-by-default systems and infrastructure, lead secure SDLC practices and runtime hardening efforts, shape developer-friendly security standards, and create educational materials. You will also own security for corporate infrastructure, including identity, email, Slack, SaaS apps, endpoints, and cloud accounts, stand up effective monitoring for external threats, implement modern DLP strategies, define and drive secure usage of GenAI tools, lead incident response, and engage with customers on security topics.

Skills

secure SDLC
runtime hardening
secure-by-default
secure architecture
infrastructure security
application security
secure coding practices
security standards
developer education
patterns

Endor Labs

Cybersecurity software vulnerability analysis services

About Endor Labs

Endor Labs specializes in cybersecurity by focusing on reachability-based dependency analysis to identify vulnerabilities in software that hackers could exploit. Their team, composed of PhDs, analyzes software to provide a comprehensive risk score that evaluates security, quality, popularity, and activity. This analysis helps reduce alert noise by 80%, allowing clients to concentrate on the most critical issues. They offer a flexible policy engine for clients to create tailored risk profiles, minimizing disruptions in the software development process. Additionally, Endor Labs assists businesses in managing Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX) to understand the risks and costs associated with software ownership. Their goal is to enhance the security and quality of software for businesses of all sizes while generating revenue through their analysis and monitoring services.

Headquarters: Palo Alto, California
Year Founded: 2021
Total Funding: $92.4M
Company Stage: Series A
Industries: Data & Analytics, Cybersecurity
Employees: 51-200

Benefits

Health Insurance
Dental Insurance
Vision Insurance
Mental Health Support
Unlimited Paid Time Off
401(k) Retirement Plan
Remote Work Options

Risks

Integration with Microsoft Cloud Defender may strain resources to maintain high performance.
New AI model evaluation tool could expose Endor Labs to risks of biases and inaccuracies.
Strategic investment from Citi Ventures may pressure the company for rapid financial growth.

Differentiation

Endor Labs specializes in reachability-based dependency analysis for software vulnerability detection.
The company offers a comprehensive risk score for software packages, reducing alert noise by 80%.
Endor Labs' flexible policy engine allows clients to create specific risk-based policies.

Upsides

Endor Labs' SCA tool is integrated with Microsoft Cloud Defender, expanding its market reach.
The company received strategic investment from Citi Ventures, boosting financial resources.
Endor Labs won 'Most Innovative Technology' award, enhancing its industry credibility.
