Their Cyber Security organization is growing rapidly to help guide the company through its own global hyper growth phase. This growth is fueled by customer demand for our innovative cloud-based software and embedded product lines. As a Product Security Engineer, you will be working with teams comprised of Software Engineers, Quality Engineers, User Interaction Design Engineers, Infrastructure/Platform team, and the Product Owners to help lead the technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions. You will be a security evangelist providing thought leadership & helping guide developers in secure coding principles and engineers in secure implementation of technology stack in a cloud environment. In this role, you will be reviewing software designs and implementations from a security perspective and discovering subtle security issues that appear under unexpected threat scenarios. Your curiosity allows you to thrive in addressing real world problems via automation. You will focus on security for all components of our systems, including Edge (embedded) devices and cloud infrastructure, with an emphasis on threats from all sources. You will also be consuming threat intelligence, conducting threat modeling and designing robust, resilient platform and domain specific products.
- Drive tailored SDL practice into specific engineering.
- Consult architect on security requirements and utilize best practices to meet them.
- Engage in application, platform and domain-specific threat modeling and attack surface analysis/reduction.
- Engineer Security solutions for cloud and embedded products, and the planning and implementation of risk mitigating security solutions.
- Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development.
- Implement security control across the technology stack to meet security and compliance requirements for IaaS, Paas, and SaaS.
- Help prepare reports at appropriate levels of confidentiality for stakeholders to view.
- Responding promptly and in detail to customer-sponsored penetration tests.
- Promotes best practices, design patterns, standards through workshops, knowledge sharing, and code walk-throughs.
- Build automation around testing tools and techniques.
- Tailor communication to a variety of audiences and perspectives, and anticipates issues to prevent conflict.
- Work with the Product teams and Cloud Infrastructure and Platform teams to lead initiatives and develop and build security utilities and tools
- Translate Standards and Regulatory based controls to Engineers do they understand what needs to be done.
- Build and maintain a robust infrastructure/platform/product security roadmap to meet customer demands and regulatory mandates.
- Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) and/or 4 years of equivalent experience.
- 3+ years of experience in application/product security in a cloud environment.
- Strong knowledge of CI/CD and automation tools (Chef, Git, Jenkins) and Infrastructure/Security as Code.
- Strong knowledge of Identity management and identity federation (SAML, Oauth).
- Strong knowledge of virtual infrastructure and containerization technologies.
- Experience designing and implementing security controls in cloud platforms such as AWS, Azure and alike.
- Must be available for on call for potential security response.
- Experience with the application of risk identification and evaluation techniques.
- Experience with broad set of information security technologies and processes within an IaaS, PaaS, and SaaS.
- A Master's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math).
- Contribute to and lead discussions and communications within the team and outside, including customers and other business units.
- Partner with product owners in requirement gathering and vetting.
- Foster a collaborative and cooperative team environment, encouraging input and participation from all members.
- Significant experience in cryptography, network security or systems security.
- Distributed computing, clusters, virtualization, high availability, load balancing.
- Experience in embedded (Edge compute) security, IoT Security and Operational Technology (OT) security.
- Experience in large enterprise and cloud environments.
- Skilled at explaining complex technical issues in terms understandable by the business.
- Excellent written and verbal communication skills, especially experience with executive-level communications.
- Experience with web-based applications and/or web services-based applications, especially at massive scale.
Travel: Occasional travel is required (COVID pending)
If Interested, please contact email@example.com
(EA Reg no: R1440978)
Company Reg No.: 201131609D, Licence No.: 11C4684