Senior or Staff Software Engineer, Product Security

Posted 2024-08-07

💎 Seniority level: Senior, Minimum 8 years of experience in Software Development and testing

📍 Location: United States, Eastern Standard Time (EST - GMT-4), Pacific Standard Time (PST - GMT-7)

💸 Salary: 200000 - 230000 USD per year

🔍 Industry: Financial technology and security

🏢 Company: TRM Labs

🗣️ Languages: English

⏳ Experience: Minimum 8 years of experience in Software Development and testing

🪄 Skills: AWS, Python, Software Development, Agile, GCP, React, Communication Skills, Collaboration

Requirements:
  • Minimum 8 years of experience in Software Development and testing.
  • BS (or equivalent) in Computer Science, Computer Engineering, or a related field.
  • Proficiency in software development languages: Python, NodeJS, React.
  • Strong understanding of encryption, authentication, and authorization protocols.
  • Deep experience with common software flaws, testing methodologies, and security tooling.
  • Professional experience with security solutions for cloud providers such as GCP and AWS.
  • Experience conducting efficient code security reviews.
  • Experience triaging and remediating vulnerabilities.
  • Experience with software security tools such as SAST, DAST, and SCA.
  • Experience with web application testing frameworks such as Burp Suite and OWASP ZAP.
  • Experience with threat modeling tools and red teaming or penetration testing.
  • Strong written and verbal communication skills.
  • Security certifications such as OSCP, CEH, GWAPT are a plus.
Responsibilities:
  • Lead application security reviews and threat modeling, including secure code review, architectural design, and testing.
  • Develop automated testing and mature the Secure SDLC.
  • Own and perform application security vulnerability management.
  • Coordinate penetration testing engagements.
  • Support software engineers and product teams by developing application security best practices.
  • Develop and maintain the bug bounty program.
  • Bootstrap platform security initiatives to protect TRM data.
  • Inspire a culture of security across the engineering organization.