Staff Product Security Engineer

Product Security is working on shifting left, allowing engineering teams and the company to be proactive through simplified, integrated security testing. This paradigm shift benefits developers by codifying security activities at scale into their build pipelines, ensuring toolchains are easily automated with continuous monitoring and feedback.

Required Experience:

5+ Years

Job Locations:

San Diego, CA | Santa Clara, CA | Chicago, IL

Location Restrictions:

Travel

Basic Qualifications and

As an engineer on the Offensive Security Team, you will be responsible for identifying security vulnerabilities within our platform. You will work with internal development teams to review source code and pentest custom functionality built on top of the platform. In this role, you will also be responsible for interacting with customers who perform security assessments against their instance. You will have the opportunity to assess the security of third-party vendor applications, plan projects, and be a security advocate. A key part of this position is to effectively report issues to the application owners, provide meaningful remediation recommendations, and validate that the issues have been resolved.

Responsibilities
  • Perform software auditing services for internal teams to discover, communicate, and recommend remediation activities for software vulnerabilities
  • Provide architecture design input, evaluate threats and document risk
  • Proactively research new attack vectors that may affect the platform
  • Research and implement automated code security quality gates in a CI/CD life cycle
  • Research security topics which are a risk to the organization
  • Be an advocate for security for development teams and participate in a security champions program
  • Work with third-party vendors on security testing

Required Skills and Experience
  • 7-10+ years of prior experience securing enterprise products.
  • Prior experience building a secure software development life cycle.
  • Developer-level proficiency in Java and JavaScript.
  • Previously managed a bug bounty or responsible disclosure program.
  • Strong understanding of web and mobile application security assessment techniques.
  • Ability to articulate complex issues to executives and customers.
  • Experience working with the ServiceNow Platform a plus.
  • Security certifications a plus.
