Product Security Engineer

Position: Product Security Engineer

Location: Remote

Hiring Mode: 6+ Months Contract

Job Description:

• We are seeking a talented and experienced Product Security Engineer to work within the Product Security team for the end-to-end security of client software products.
• The ideal candidate will have prior experience working closely with software engineering and product teams to achieve product and security business objectives. They support the implementation of secure development practices, threat modelling, architecture, design, vulnerability assessments and security verification, as well as defining the security standards for a variety of products and tools.

Job Responsibilities

• Providing security guidance on new products and technologies within the organization
• Develop solutions to meet security needs efficiently and overcome technical challenges
• Collaborating with engineering teams to perform product security assessments and threat modelling
• Hardening and managing the security of software development pipeline tools (CI/CD)
• Collaborating with development teams to reduce false positives from SAST and DAST scans
• Collaborating with infrastructure teams to harden operating systems and infrastructure.
• Responding to vulnerabilities discovered by detection systems
• Maintaining internal documentation and security standards to align with security best practices
• Designing and implementing tools to automate and scale security processes
• Define access policies and review access requests for approval
• Assess effectiveness of security controls, such as firewalls, authentication methods, etc.
• Providing security support and leadership to the product engineering team
• Oversees the creation of project documentation including qualification plans, issue lists

Qualifications:

• United States location (for ITAR related assignments)
• 3+ years Product Security Engineer experience required
• Bachelor's Degree in Computer Science, Computer Engineering, or equivalent and relevant experience
• Experience configuring and using static and dynamic application security testing tools
• Scripting abilities with policies as code and simple automation using Python, Bash, or similar tools
• Knowledge of secure software design and development techniques
• Maintains current knowledge of technologies, evaluates and researches technologies to determine best solutions, placement, testing methodologies and implementation
• Strong exposure to popular application security standards including OWASP TOP 10, SANS TOP 25
• CISSP, CSSLP, AWS Certified Security Specialty, or other security certifications preferred