Job Description:
• Own and mature the product security program, including security review processes, secure development standards, risk prioritization, vulnerability remediation practices, and engineering enablement.
• Lead security architecture reviews and secure design initiatives across backend services, web applications, mobile applications, APIs, and remote devices.
• Review source code and application architecture to identify security vulnerabilities, insecure patterns, and operational risks.
• Partner closely with Engineering, DevOps, QA, Infrastructure, and Product teams to integrate security into the software development lifecycle.
• Establish and enforce secure coding standards, development guidelines, and security best practices.
• Mentor and guide software engineers on secure development practices and remediation strategies.
• Perform threat modeling and risk assessments for new and existing products and infrastructure.
• Assist in incident response investigations, root cause analysis, and remediation planning.
• Evaluate third-party libraries, frameworks, and dependencies for security and operational risks.
• Collaborate with DevOps and Infrastructure teams on cloud security, CI/CD security, secrets management, and system hardening.
• Drive vulnerability management efforts, including prioritization, remediation guidance, and validation.
• Help define and implement logging, monitoring, and security alerting strategies.
• Partner with external security consultants and vendors on penetration testing and security assessments.
• Promote a security-first engineering culture across the organization.
Requirements:
• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience.
• 7+ years of experience in software engineering, application security, product security, or cybersecurity engineering.
• Strong understanding of secure application architecture and modern security practices for web, mobile, cloud, and distributed systems.
• Hands-on experience reviewing source code and identifying security vulnerabilities.
• Experience with OWASP Top 10, secure coding standards, authentication/authorization models, API security, and vulnerability remediation.
• Experience securing cloud-native environments in AWS, Azure, or GCP.
• Strong understanding of CI/CD pipelines, DevSecOps practices, container security, and infrastructure security.
• Experience with threat modeling, penetration testing coordination, and incident response processes.
• Ability to mentor engineers and influence technical direction across multiple teams.
• Strong analytical, communication, and leadership skills.
Benefits:
• Health insurance
• Flexible work arrangements
• Professional development