Sr. Product Security Engineer

Docusign | Chicago, IL
11h | Hybrid

About The Position

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people’s lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign’s Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).

As a core member of our Product Security Team, you will be responsible for embedding security practices within Docusign’s SDLC. Your work will empower all product teams to build secure applications from the ground up. You will act as a subject matter expert on secure application design, secure coding practices, systems integrations, and embedding security into automated testing/validation, driving a secure-by-design mindset across product development. This position is an individual contributor role reporting to the Director of Product Security.

Requirements

  • BS/BA degree or equivalent relevant coding experience
  • 8+ years of overall experience in Application Development, with at least 3 years focused in the Product Application Security discipline
  • Experience in designing, implementing, and maintaining secure software systems
  • Experience in C# and .NET Framework/Core
  • Fluent in one or more other programming languages relevant to the organization (e.g., Python, Java, JavaScript) and the ability to quickly learn new languages
  • Experience with common security vulnerabilities (e.g. OWASP Top 10 and API Security Top 10) and their mitigations/remediations
  • Experience with development and build pipelines and associated best practices
  • Experience with threat modeling and security analysis of application components to identify and mitigate potential vulnerabilities
  • Experience in secure source code audit/analysis and reporting
  • Experience in application security within cloud environments (e.g. AWS, Azure, GCP)
  • Experience developing and implementing security APIs and associated tooling against threats, such as unauthorized access and data breaches
  • Experience operating within and discovering the security implications of pre-existing code environments
  • Experience with static and dynamic analysis tools, including vulnerability scanning suites

Nice To Haves

  • Excellent analytical, problem-solving, and communication skills.
  • Ability to work collaboratively across multiple teams

Responsibilities

  • Collaborate with product engineers and product teams to gather requirements and provide expert consultation on securing the entire SDLC process
  • Identify architectural flaws and security concerns in application designs early in the SDLC process
  • Threat model and design security controls and mitigations in collaboration with product engineering teams
  • Design, develop, and maintain a centralized repository of reusable secure code components and tools for use by development teams
  • Review application code to identify logic flaws, unsafe functions, and violations of security standards, following guidelines from frameworks like OWASP, BSIMM, and NIST SSDF
  • Verify/validate secure code interactions with other dependent and integrated services/systems
  • Ensure testing automation addresses security goals and concerns
  • Review and verify identified/reported vulnerabilities, perform root cause analysis, and partner with developers to drive corrections
  • Stay up-to-date with emerging security threats, trends, and new technologies to continuously improve the security posture of our code and shared development resources
  • Contribute to technical requirements, architecture, and interface design documents and educational resources

Benefits

  • Bonus: Sales personnel are eligible for variable incentive pay dependent on their achievement of pre-established sales goals. Non-Sales roles are eligible for a company bonus plan, which is calculated as a percentage of eligible wages and dependent on company performance.
  • Stock: This role is eligible to receive Restricted Stock Units (RSUs).
  • Global benefits provide options for the following:
      • Paid Time Off: earned time off, as well as paid company holidays based on region
      • Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement
      • Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment
      • Retirement Plans: select retirement and pension programs with potential for employer contributions
      • Learning and Development: options for coaching, online courses and education reimbursements
      • Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events