Product Security Engineer - Federal

About Ping Identity: At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. We call this digital freedom. And it's not just something we provide our customers. It's something that inspires our company. People don't come here to join a culture that's built on digital freedom. They come to cultivate it. Our intelligent, cloud identity platform lets people shop, work, bank, and interact wherever and however they want. Without friction. Without fear. While protecting digital identities is at the core of our technology, protecting individual identities is at the core of our culture. We champion every identity. One of our core values, Respect Individuality, reminds us to celebrate differences so you are empowered to bring your authentic self to work. We're headquartered in Denver, Colorado and we have offices and employees around the globe. We serve the largest, most demanding enterprises worldwide, including more than half of the Fortune 100. At Ping Identity, we're changing the way people and businesses think about cybersecurity, digital experiences, and identity and access management. Job Summary: As a Product Security Engineer working in our Federal accounts, you will gain invaluable experience at a visionary identity security company. The position requires a passion for application security, solving both technical and organizational challenges, with the ability to work in a challenging, distributed and Infrastructure-as-Code development environment, excellent communications skills, and attention to the latest security best practices. This role focuses on product security ( application security ) for Ping’s identity platform. Product Security Engineers partner closely with engineering teams to review code, identify vulnerabilities, and improve the security posture of production software across Ping’s revenue-generating products. We are particularly interested in engineers who developed a passion for security and transitioned into application security or DevSecOps roles. Candidates with a background in software engineering, platform engineering, or DevOps who now focus on security are strongly encouraged to apply. Responsibilities : Own multiple Security Engineering assignments working with Ping Identity products, processes, and tooling Assist in proposing, developing, and improving Secure Software Development Lifecycle (SSDLC) practices alongside global, high-performance product engineering teams Work with the product teams to perform security design/code reviews and vulnerability assessment and management in an agile environment Perform application security tasks including threat modeling, developer code reviews, consulting, static code analysis, dynamic runtime fuzzing, building custom tools, and automation and exploit development Assist the Federal presales, support, and customer success teams responding to prospect, customer, and field questions related to product and industry security Engage with third-party security consultants for independent security assessments, bug bounties, and penetration testing of the product Required Qualifications : Ability to meet U.S. citizenship and residency eligibility requirements associated with supporting FedRAMP-regulated environments. 2+ years of application security experience across areas such as API Security, Web Application Security, Enterprise Application Security, and Mobile Application Security 3+ years of developing commercial software products Hands-on experience working with Secure Software Development Lifecycle (SSDLC) security tooling , such as source code scanning tools (SAST) and third-party dependency or software composition analysis (SCA) Strong understanding of modern authentication and identity standards, including OAuth 2.0, OpenID Connect (OIDC), and SAML Ability to review application code for security vulnerabilities , ideally in Java or Go Experience identifying and m ... (truncated, view full listing at source)