Incident Response Security Engineer

Apply Now


Esri has an exciting opportunity for you in a fast-paced, highly collaborative technical environment. As a global player in security for Esri products, the product security incident response team (PSIRT) handles incident investigations, digital forensics, vulnerability management, and coordination for the whole ArcGIS platform.


You will be part of a single point of contact team that digs into data and takes on detailed problem solving. You will have the opportunity to drive continuous improvement in security on the border of development and product teams, where you will serve a vital role ensuring and improving the security of the solutions Esri creates.


  • Lead the vulnerability management process; prioritize, triage, and verify security-related issues (external/internal) across Esri products and versions
  • Evaluate security impact risk and provide guidance to engineering teams using industry standard metrics (i.e. CVSS); work closely with product management and engineering and development teams to drive issues to closure
  • Actively hunt for bugs using various static code analysis, dynamic analysis, variant analysis, and pen testing tools; provide input to tools and security team to enable systemic issue identification
  • Investigate, track, and remediate open source vulnerabilities
  • Cultivate strong working relationships with external researchers, reporting organizations, and customers to ensure effective collaboration
  • Collaborate with product teams in contributing to security best practice whitepapers for internal and external use


  • 2+ years of web application security experience including vulnerability management and cloud, mobile, or application security
  • Understanding of common classes of product security vulnerabilities (i.e. OWASP Top 10) and attack/defense methodologies
  • Proven ability to work collaboratively and remotely with others to accomplish complex goals including dealing with escalated, customer-facing issues (security preferred)
  • Experience with issue management as well as defining proactive mitigation strategies
  • Experience with various application security tools, such as static code analysis, dynamic code analysis, vulnerability scanning, and pen testing
  • Willingness to travel and present at events with a variety of IT-related audiences
  • Bachelor’s or master’s in computer science or related field, depending on position level

Recommended Qualifications

  • Cloud and/or security industry certifications
  • Experience with web and mobile platform security (ideally including Esri products)
  • Knowledge of industry practices for responsible disclosure of security threats and product vulnerabilities
  • Scripting skills (i.e. Python/Perl/Ruby, shell scripting) or development experience (Java/C++/Python)
  • Previous experience managing bug bounty programs such as Bugcrowd, Hacker One

About Esri

Our passion for improving quality of life through geography is at the heart of everything we do. Esri’s geographic information system (GIS) technology inspires and enables governments, universities, and businesses worldwide to save money, lives, and our environment through a deeper understanding of the changing world around them.


Carefully managed growth and zero debt give Esri stability that is uncommon in today's volatile business world. Privately held, we offer exceptional benefits, competitive salaries, 401(k) and profit-sharing programs, opportunities for personal and professional growth, and much more.


Esri is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.


If you need a reasonable accommodation for any part of the employment process, please email and let us know the nature of your request and your contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this e-mail address.

Apply Now