Execute against a Product Security target operating model (people, process, and technology)
that incorporates forward-leading SSDLC and DevSecOps best practices.
Partner closely with Product Development to integrate security while also ensuring developer
Conduct the analysis, evaluation, and enhancement of the effectiveness of Product Security
posture at procedural and technological levels.
Be able to facilitate the implementation of leading Product Security solutions.
Deliver, as part of a team, key Product Security services to our developer community, including:
o Conducting security assessments of applications (web, cloud, mobile) using a range of
manual and automated penetration testing and source code review techniques;
o Performing security architecture reviews of applications in design and production
o Identifying potential threats and attacks to application systems through threat
modeling, identifying security recommendations and aligning them to appropriate risk
Familiarity with current Product Security threat landscape and industry best practices.
Experience with problem solving as well as risk management principles.
Experience with DevSecOps programs and embedding security technologies in the development
Experience working in an Agile development, Product Security, Application Security, DevSecOps, or
DevOps role, with experience in the following technologies:
o Containers (Docker, Kubernetes, or similar)
o Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
o Continuous integration (Jenkins, Bamboo, Hudson, or similar)
o Defect tracking (Jira, Bugzilla, ServiceNow, or similar)
o Source code management (GitLab, GitHub, BitBucket, or similar)
o QA Testing tools (nUnit, jUnit, Selenium, Cucumber, or similar)
o Application security testing tools (SAST, DAST, IAST, OSA, or similar)
o Various *nix distributions
o Cloud environment (AWS, Azure, or similar)
Experience in all of the following:
o Developing enterprise applications or scripts (writing code)
o Demonstrated ability to learn and adapt to different CI/CD systems and leverage them
for automation as needed
o Performing manual application penetration testing
o Performing manual security code reviews
Familiarity with compliance frameworks such as ISO27001, SOC2, SOX, GDPR.
Ability to innovate and find creative solutions that balance the needs of the business with the
needs of security.
Effective teaming and presentation skills.
Minimal travel (<10%).
Bachelor’s degree in Computer Science, IT Security, Information Systems, Engineering, or related
field and 4 years of related work experience, or a Master’s degree in Computer Science, IT
Security, Information Systems, Engineering, or a related field and 3 years of related work
Certification as a Certified Information Systems Security Professional (CISSP), Certified
DevSecOps Professional (CDP), GIAC Certified Web Application Defender (GWEB), GIAC Cloud
Security Automation (GCSA), GIAC Web Application Penetration Tester (GWAPT), Certified
Application Security Engineer (CASE), Certified Application Security Specialist (CASS), or Certified
Secure Software Lifecycle Professional (CSSLP).