Senior Product Security Engineer

 

 

• Provides support to cross-functional teams, with a high attention to detail•• Researches, analyzes, and documents findings•• May coach, review, and/or delegate work to other team members•• Conducts security assessments, threat modeling, and vulnerability reporting and develops security architecture patterns for implementing new solutions and products•• Performs application security reviews for our products and services to identify and/or validate vulnerabilities and attack chains•• Communicates findings, attack paths, and recommendations to technical and executive stakeholders through written reports and verbal presentations•• Develops and maintains methodologies for penetration testing•• Assists with decision-making, prioritization, and support throughout the secure software development life cycle (s-SDLC) on a variety of security domains•• Participates in requirements gathering, secure coding and configuration, software testing, and third-party component management and defect management•• Serves as point of contact on secure development and security best practices•• Consults cross-functionally to embed security gates into their existing SDLC, leveraging automation when possible•• Drives the development of standards, practices, and processes to establish, manage, and report adherence to application security requirements and best practices•• Attends regular stand-ups and planning meetings to build positive relationships with key stakeholders•• Serves as the security authority on assigned products, ensuring the security controls are functioning, security requirements are provided before coding begins, and that vulnerabilities are fixed within their •SLAs•• Ensures s-SDLC controls are embedded in assigned product and serves as control owner for a subset of these controls•• Engages in application and domain-specific threat modeling, as well as attack surface analysis and reduction