Senior Product Security Engineer

The Product Security team is seeking a Senior Product Security Engineer to implement secure development practices in a fast-paced, agile development environment. You will be responsible for defining security requirements, adoption and configuration of security tooling and platforms, threat modeling and risk assessment, secure architecture reviews, secure code reviews, and security testing. Following a shift-left approach, you will partner closely with product engineering teams. A successful candidate is a self-driven security professional, able to effectively communicate with stakeholders to improve product security posture.

Responsibilities:

• Partner with Engineering, DevOps and SRE to integrate secure development practices in each stage of SDLC.

• Perform threat modeling, security assessments and drive security testing for products.

• Analyze security issues and coordinate triage, tracking and remediation of security incidents.

• Continuously learn and stay up to date with new technologies, tooling and techniques in cloud and security.

• Provide consultation and educate developers in software security. Participate in internal security community content and activties.

In order to be considered for this role, you must have:

• 4+ years of experience in cybersecurity or related field

• Deep understanding and experience with secure architecture reviews, threat modeling and/or risk assessments

• Solid understanding of DevSecOps principles and CI/CD systems

• Understanding of security concepts including common vulnerabilities (OWASP Top 10, SANS 25), Secure development practices, and security tooling (SAST, DAST, SCA)

• Ability to communicate and coordinate with stakeholders remotely

• Passion to learn and grow in cybersecurity field. Ability to mentor junior team members

The following is considered a plus:

• Recognized industry certifications (CEH, OCSP, GIAC ...)

• Experience with governance and security certifications (SOC2, ISO27001, FIPS)

• Bsc./Msc. degree or equivalent formal education in cybersecurity or related fields