Sr. Staff Product Security Engineer

Product Security is working to shift left, allowing engineering teams and the company to be proactive through simplified, integrated security testing. This paradigm shift benefits developers by codifying security activities at scale into their build pipelines, ensuring tool chains are easily automated with continuous monitoring and feedback.

Required Experience:

7+ Years

Job Locations:

San Diego, CA | Santa Clara, CA | Chicago, IL

Location Restrictions:

Travel

Basic Qualifications and

As a security engineer on the Product Security Team, you will be responsible for identifying security vulnerabilities within customer-facing software products. You will work with internal development teams to review source code and audit custom functionality built on top of the platform. You will have the opportunity to develop tooling, plan security projects, and be a security advocate. A key part of this position is to effectively communicate issues to the application owners, provide meaningful remediation recommendations, and validate that they have been resolved.

Responsibilities
  • Perform software audits for internal teams to discover, communicate, and recommend remediation activities for software vulnerabilities
  • Provide architecture design input, evaluate threats and document risk
  • Proactively research new attack vectors that may affect the platform
  • Research and implement automated code security quality gates in a CI/CD life cycle
  • Research security topics which are a risk to the organization
  • Be an advocate for security for development teams and participate in a security champions program
  • Work with third-party vendors on security testing

Required Skills and Experience
  • 10+ years prior experience securing enterprise products.
  • 2-5 years of experience in web application security auditing, including code review
  • 1+ years of experience in threat modeling and threat modeling tools
  • In-depth knowledge of common web application vulnerabilities (OWASP Top Ten)
  • Strong understanding of web and mobile application security assessment techniques
  • Developer-level proficiency in at least one language - Python, Java, or JavaScript preferred
  • Knowledge of static and dynamic security analysis tools
  • Knowledge of the Security Development Lifecycle (SDLC)
  • Ability to deliver technical reports and communicate technical concepts to both non-technical business users and technical stakeholders
  • A passion for security
