Product Security Engineer III

Who we are

We are a dedicated team of product security engineers committed to developing and supporting ground-breaking products. Together we’ll work to safeguard the future, enabling wellness businesses worldwide to empower their customers to lead healthy lives. Driven by a higher purpose, we continuously challenge ourselves and our organization to excel, recognizing the strength that comes from collaborative efforts toward a common objective. We are strong advocates for a diverse workplace, fostering an environment where individuals can bring their authentic selves to contribute to our shared success. At the core of our achievements is a deep belief in the value of our people. If you share our passion and vision, we invite you to consider joining our team, as together, we can explore remarkable feats and make a lasting impact!

Your role

As a Product Security Engineer III, you will be responsible for contributing to the success of the Product Security team in several key areas. You’ll work to reduce security friction across engineering by fostering partnership and collaboration to enhance our security posture. Security enablement will be a crucial aspect of your responsibilities involving implementation and administration of security tools. Lastly, you’ll play a vital role in establishing continuous security testing, measurability, and reporting on the impact of security initiatives.

You’ll pursue continuous improvement to help Mindbody achieve its mission: Powering the world’s fitness and wellness businesses and connecting them with more consumers, more effectively, than anyone else.

You'll likely spend time working on

• Actively participate in security activities covering all phases of the Secure Software Development Lifecycle (SSDLC).

• Fully engage in every facet of vulnerability assessments and threat management, encompassing penetration testing, validation, and report generation.

• Configure and administer Product Security tools and technologies.

• Collaborate with security champions and product engineers to seamlessly integrate security processes and technology across product and enterprise environments.

• Be responsible for developing and maintaining security documentation and reports derived from penetration testing activities and product security tools. · Administer, interpret, and triage results from a variety of security tools and data sources including SAST, SCA, DAST, observability, vulnerability management, and cloud security platforms.

• Devise and execute effective remediation initiatives in collaboration with the product owners.

• Support and evangelize DevSecOps methodologies and frameworks in cloud and enterprise environments.

About the right team member

You are an intellectually curious engineer, who is passionate about creating impactful security solutions and who is excited to share them with others using your excellent verbal and written communication skills. You are an AppSec expert, and you know OWASP is more than a top 10 list. You have previous development experience and are eager to apply those skills to grow Product Security while working with fellow team members, security champions, and others across the broader Product Development and Engineering organization. You can lead some initiatives and work independently.

You'll thrive in this role with experience in

• Strong experience in information security and/or engineering technology experience.
• Experience in application security experience administering SAST, SCA, and DAST tools while additionally possessing the ability to interpret and remediate findings.
• Experience in years penetration testing experience with web and mobile applications.
• Experience with network proxies and penetration testing tools or aids, such as Burp Suite, Metasploit, Nmap, and Wireshark.
• Advanced knowledge of software security development practices.
• Advanced knowledge of cloud networking and cloud security concepts.
• Experience with one or more of the following programming languages: JavaScript, Python, C#, ASP, .NET, Java, Kotlin.
• Direct experience in guiding software engineering teams through security best practices and defining security requirements.
• Proficiency with container runtimes, IAC, and WAF.
• SaaS or software industry experience and security-related certifications are a plus.