Esri
System Engineer - Cyber Security Engineering Focus
About This Role
About Esri
Esri (Environmental Systems Research Institute, Inc.) is a leading American company founded in 1969, based in Redlands, California. It specializes in geographic information system (GIS) software, location intelligence, mapping, and geodatabase management applications. With a significant market share of approximately 45%, Esri serves over a million active users across 350,000 organizations worldwide. The company began as a land-use consulting firm and transitioned to software development, launching its first commercial GIS product, ARC/INFO, in 1981. Esri's core offering is the ArcGIS platform, which provides a comprehensive suite of digital mapping and analytics tools. This platform supports various sectors with solutions for mapping, spatial analysis, and cloud-based data integration. Esri is committed to advancing geospatial analytics, investing 30% of its annual revenue into research and development. The company operates numerous offices and research centers globally and hosts an annual user conference that attracts around 18,000 attendees.
Security at Esri
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Esri's AppSec philosophy is centered on a commitment to delivering secure geospatial software and services, overseen by the CISO-Products.
- They prioritize developer enablement through secure coding training based on OWASP guidelines, providing secure coding checklists, and publishing comprehensive security and authentication guides.
- Their risk philosophy is grounded in the Building Security In Maturity Model (BSIMM), with the most rigorous measures applied to core products like ArcGIS Enterprise, Online, and Pro.
- Current stated goals include advancing AI threat modeling and red team testing.
Security Team
The AppSec team is embedded within product operations and engineering and reports to the Chief Information Security Officer (CISO)-Products. Key leaders include Kevin Ford (CISO-Products) and Pete Buwembo (Principal Software Security Engineer). While there are no currently active 'Application Security Engineer' job postings, previous listings emphasized collaborating with development and DevSecOps to design security into applications upfront. Total team size and formal headcount are not publicly available.
Key Initiatives
Esri maintains a 'Security & Privacy Champion' program to foster security culture. They practice 'Shift Left' by designing security into applications upfront and providing developer guides. Vulnerability management is handled by a Product Security Incident Response Team (PSIRT), which uses CVSS for scoring. Intake occurs via standard support or the Trust Center. Operational ceremonies include static/dynamic analysis, third-party component analysis, and periodic penetration testing. Specific new initiatives from the last six months are not publicly documented.