Remote Job

Senior Product Security Engineer

FileCloud
  • Full-time
  • Posted: 8 months ago

FileCloud is the fastest-growing Enterprise File Share and Sync (EFSS) solution in the industry, with over one million users worldwide. Our products are used by many global 2000 and Fortune 500 companies and world-leading public sector organizations. FileCloud recently closed a $30 million Series A investment led by Savant Growth to address the growing demand for enterprise security, compliance, and workflow automation. We are currently expanding our team as we grow and improve FileCloud.

FileCloud is a hyper-secure enterprise file sharing and sync application that can run on-prem or be delivered as a hosted solution. It is designed to run in high-security environments in air-gapped networks, delivering its capabilities without compromising security.

Tasks

FileCloud is looking for a Senior Product Security Engineer. In this role you will successfully lead and coordinate the efforts across the development teams to develop and maintain security protocols resulting in prevention and mitigation of security vulnerabilities across all aspects of FileCloud as a product.

This leadership role requires deep software development and security experience and the ability to coordinate and influence other teams to drive the security agenda across the organization.

Below is a non-exhaustive list of some of the important tasks owned by this role:

1. Implement and run the Product Security Board

  • Build the security board team. This team is tasked with owning all product security decisions for FileCloud
  • Conduct a gap analysis on processes and policies for the software development process
  • Develop a threat model for FileCloud
  • Analyze security risks (reported internally or externally) and drive them to resolution with various teams
  • Monitor and recommend product upgrades needed to comply with the standards that certain third parties have set forth
  • Identify, assess and manage software security tech debt
  • Manage the security hardening team, which is made up of developers who analyze existing product code and identify security tech debt

2. Implement the SSDLC process for FileCloud (working with the dev team leads)

  • Review the HLD and do security sign-off
  • Implement CI/CD pipeline changes to set up security
  • Provide security training for developers and create guidelines for security best practices

3. Security Testing (working with QA and Release teams)

  • Develop an internal pen testing process: OWASP/ZAP, third-party pen testing tools, ethical hacking, red teaming
  • Coordinate pen testing and resolutions (required for each release)

4. Operations

  • Run the bug bounty process
  • Run the product security ops team for responding to security incidents
  • Communicate clearly on security-related technical issues to the org
  • Work with the documentation team to draft, review and approve security advisories that must go on the website and in emails
  • Handle customer communication for security-related items professionally
  • Set up and maintain OKR & KPI metrics related to product security

Requirements

  • 5+ years of work experience as a software engineer with a focus on product security
  • Strong experience in the software development process with strong software architecture knowledge
  • Bachelor’s degree in computer science or related field
  • Development, scripting, or automation experience – a strong desire to automate your daily workflows to make your day more productive. You are comfortable writing in Python, PHP, or similar scripting languages
  • Strong knowledge of various web-related technologies (such as web applications, web servers, services, architectures, etc.) and of network/web-related protocols
  • Familiar with common security libraries, security controls, and common security flaws that apply to PHP applications
  • Familiarity with application security such as OWASP Top 10
  • Experience with standard web application security tools such as BurpSuite or similar alternatives
  • Experience working with static code analysis tools such as SonarQube or a similar alternative
  • Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc. is a plus
  • Experience with network security and networking technologies and with system, security, and network monitoring tools is a plus
  • Knowledge of Linux tools/architecture and logging systems

Benefits

  • Be part of a team of passionate, committed individuals dedicated to building a world-class product
  • Dedicated time for training and education opportunities
  • A mentorship model wherein your mentor and team support your development
  • A competitive salary with an annual bonus
  • Fully remote working with flexible hours outside of the companywide core hours of 9am-12pm (US Central time zone)
  • 20 days of paid time off, which increases by a further 5 days after 5 years of service (in addition to 10 public holidays in your country)
  • Paid day off on your birthday or on an alternative day if your birthday falls outside a normal working day
  • Paid day off to volunteer with the charity of your choice
  • Paid monthly internet cost and lunch stipend provided
  • Reimbursement of all hardware costs associated with the role

*A job offer for this position is contingent upon the candidate successfully passing full security screening background and employment reference checks.