Senior Product Security Engineer

What You'll Do:

• Conduct security assessments, code reviews, and penetration tests on web applications, APIs, and mobile applications to identify vulnerabilities and security flaws. 
• Collaborate with development teams to integrate security practices into the CI/CD pipelines, including implementing automated code scanning tools. 
• Develop and maintain secure coding guidelines and provide training to developers on security best practices and awareness. 
• Manage and respond to security incidents, including performing root cause analysis and remediation tracking.
• Stay abreast of the latest security threats, vulnerabilities, and mitigation techniques; share insights with internal teams to foster a culture of security. 
• Assist in the development and implementation of application security policies, standards, and procedures in alignment with industry best practices and regulatory requirements. 
• Conduct architectural reviews of new technologies and security controls to ensure they meet security best-practices. 
• Develop and/or maintain product vulnerability management processes and procedures. 
• Write and maintain production-quality APIs to automate security processes, benefiting infrastructure and developer workflows. 
• Operate and respond to enterprise Bug-Bounty program findings. 

What You've Done:

• Expert level understanding ofprinciples, theories, and concepts related to offensive webapplication security testing and defense-in-depth remediation approaches. 
• Expert level knowledge in conducting vulnerability assessments and code reviews. 
• Expert level proficiency withautomated security testing tools (e.g., Burp Suite, OWASP ZAP,Snyk). 
• Expert level communication skills, with the ability to articulate complex security issues to technical and non-technical stakeholders. 
• Expert level experience in applied cryptography & key management. 
• Expert level experience in implementing SAST, DAST and SBOM generation tooling into developer workflows. 
• Expert level experience in performing threat modeling (e.g., STRIDE, PASTA) 
• Intermediate level proficiencyin at least one scripting language (e.g.,Python, Ruby). 
• Intermediate level familiarity of security frameworks (e.g., PCI DSS, CIS, ISO 27001, NIST CSF). 

Preferred Skills and Qualifications:

• Security certifications (e.g., OSCP, CEH, CISSP, GWAPT). 
• Intermediate level experience with cloud security principles and technologies in AWS & Azure. 
• Intermediate level knowledge of Kubernetes (K8s) Security foundations, including admission controllers, K8s Network Policies, K8s RBAC, and K8s Ingress architectures. 
• Intermediate level proficiency in DDoS mitigation techniques using AWS Shield, CDN traffic scrubbing, and origin protection mechanisms. 
• Intermediate level Software development experience in C#. 

What We Offer

• Accelerated Growth Environment: Immerse yourself in an environment designed for swift skill and knowledge enhancement, where you have the autonomy to lead experiments and tests on a massive scale.
• Top Tier Compensation Package: Enjoy a rewarding compensation package that includes enticing stock incentives, aligning with our commitment to recognizing and valuing your contributions.
• Flexible Time Off: Embrace a healthy work-life balance with unlimited Flex Time Off, providing you the flexibility to manage your schedule and recharge as needed.
• Comprehensive Benefits Package: Prioritize your well-being with a comprehensive benefits package, featuring 401k, and premium Health, Vision, and Dental Insurance options.
• Team-Building Events: Engage in vibrant team events that foster camaraderie and collaboration, creating an atmosphere where your professional and personal growth are celebrated.