Senior Product Security Engineer

Minimum 8 years of experience in Software Development and testing BS (or equivalent) in Computer Science, Computer Engineering, or related field Proficiency in Python, NodeJS, React Strong understanding of encryption, authentication, and authorization protocols Deep experience with common software flaws (e.g., OWASP and CWE), testing methodologies, and using common security tooling Professional experience with security solutions for cloud providers such as GCP and AWS Experience with modern secure software development lifecycles, threat modeling, and best practices Experience with conducting efficient and comprehensive code security reviews Experience triaging and remediating vulnerabilities in software packages or libraries Experience with Software Security tools such as Github advanced security or other SAST, DAST, and SCA tools Experience with Web application testing frameworks such as BurpSuite, OWASP ZAP Experience with Threat modeling tools such as OWASP Threat Dragon Experience working in a previous agile-based software development role Experience Red Teaming or penetration testing applications and infrastructure Strong written and verbal communication skills Familiarity with security frameworks (e.g., NIST SP 800-171 SSDF) is a plus

Lead application security reviews and threat modeling Develop automated testing and mature the Secure SDLC Own and perform application security vulnerability management Coordinate penetration testing engagements Support software engineers and product teams by developing application security best practices Develop and maintain the bug bounty program Bootstrap platform security initiatives Inspire a culture of security across the engineering organization