Member of Technical Staff -Product Security

Aptiv•Troy, CA

10h•$165,000 - $222,000

About The Position

ABOUT WIND RIVER Wind River is a global leader in delivering software for mission-critical intelligent systems. For more than four decades, the company has been an innovator and pioneer, powering billions of systems that require the highest levels of security, safety, and reliability. Wind River helps customers across automotive, aerospace, defense, industrial, medical, and telecommunications industries solve complex technology challenges on their journey toward the new intelligent machine economy. The company’s software powers generation after generation of the safest, most secure systems in the world. Examples include playing a key role in NASA space missions such as Artemis I, the James Webb Space Telescope, and multiple Mars rovers. We’ve achieved recent 5G milestones including the world’s first successful 5G data session with Verizon and building one of the largest Open RAN networks in the world with Vodafone. The company has received industry recognition for its technology innovation and leadership, and for its workplace culture, including global Great Place to Work certification and being named a “Top Workplace” for ten consecutive years. If you want to be part of a unique culture where the lived experience is based on our cultural attributes of growth mindset, customer-focus, and diversity, equity, inclusion & belonging, come join us and help advance the future software defined world. YOUR ROLE As a Member of Technical Staff on our team, you’ll focused on implementing modern DevSecOps technologies, pioneering new security tools, processes and capabilities for cloud-native solutions. The candidate must have experience in securing cloud-native development environments and be a highly adaptable team player who can quickly ramp up on new technologies and accomplish goals in a fast-paced agile environment. A combination of strong technical and communication skills is a must, along with an unbounded desire to learn new technologies and their application.

Requirements

Expertise in Application Security , network design, back-end security-enhancing features
Deep knowledge of application vulnerability management, remediation, and troubleshooting skills
Hands-on experience using tools like Coverity, BurpSuite, ZAP, Trivy, PRISMA Cloud, Tenable, Rapid7 etc.
Excellent programming skills using Python, Go etc.
Proficiency in pipeline automation leveraging Gitlab, Jenkins, Jira etc.
Strong foundation of DevSecOps principles, Infrastructure as Code including Terraform and Helm, Container and Cluster hardening
Good exposure to cybersecurity principles with a desire to increase knowledge
Experience in Architecting and delivering security features on cloud providers (Azure AWS, GCP etc.), On Prem and Hybrid environments.
Industry standards-based documentation, certification, and accreditation such as NIST SP 800-53, NIST 800-171, FEDRAMP, and Security Technical Implement Guides (STIGs) and bringing components into compliance with these standards
Experience with Agile and Scrum
Self-managed, fast learner, and strong problem-solving and analytical skills.
Excellent verbal and written communication skills and a good listener.
Exceptional team player who works well in collaborative situations.
Ability to brainstorm and represent competing ideas simultaneously.
Growth mindset who is passionate about learning and applying new technologies.
8+ years of relevant technical experience in cybersecurity with 2+ years of experience in software engineering.
BS / MS degree (Computer Science, Electronics Engineering, or equivalent technical degree)

Nice To Haves

Security penetration testing & threat modelling would be a plus.
Secrets Management leveraging Hashicorp Vault is a plus

Responsibilities

Secure application on OnPrem and Public Cloud environments leveraging IAC
Establish, implement security policies for Docker, K8s and Public Cloud Platforms
Implement and automate Application Security policies by embedding SAST, DAST, API Security and Penetration Testing in the product development workflow
Accelerate container security with pipeline development
Drive vulnerability management and remediation in partnership with various product teams
Manage and maintain secure integrations between tools like Gitlab, Jenkins, JIRA, and many more.
Implement solutions for event log collection and SIEM.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume