Vacancy expired!
Principal Engineer - Product Security
6-12+ Months with extensions
NYC, NY (2-3 days onsite per week)

Looking for a Principal / Senior Principal Engineer of Product Security to join the client's global, shared cyber services group. This person is expected to work alongside the broader cyber team, partner with business unit technology teams, and review all products to ensure their protection. The ideal candidate has the experience to recognize risk, design preventive or detective controls and automate security tools.

Job Responsibilities
- Help build, maintain and execute a strategy to secure their customer-facing products
- Perform security reviews and code reviews of their products
- Oversee their Agile-SDL process, ensuring security throughout all phases of the SDL
- Partner with the business to understand the needs and demands of the clients, partners and the marketplace, and develop security standards and policies to ensure products are built to meet those needs
- Support product engineering teams to address security issues and ensure sound trade-offs
- Develop and maintain product security dashboards, ensuring executive and other non-technical stakeholder audiences have real-time visibility into the security of each product
- Serve as the security SME for product engineering teams
- Support product engineering teams in developing threat models for new and updated products
- Work alongside technical architects to develop and maintain secure architectural patterns
- Contribute user stories to address security requirements and work with product engineering teams and stakeholders to prioritize them
- Work with software engineers to design preventative and/or detective controls for specific security issues
- Work with engineering teams to build and socialize re-usable security components
- Socialize automated security tools and guide product engineering teams to integrate these within their CI/CD workflows and test environments
- Work with members of the security intelligence and response team to integrate security monitoring of products and build use cases
- Work with members of the security engineering team to develop and evangelize security solutions that solve security challenges that engineering teams face

Qualifications
- Bachelor's degree in Computer Science, Software Engineering or equivalent experience
- 5-10+ years of software development with at least 5-8+ years in developing secure systems
- Experience in one or more of the following modern languages/frameworks: HTML5, .NET, Node.js, JavaScript, PHP, Python, JavaScript (Python, JavaScript, ReactJS, Java), and build automation tools on an ad-hoc basis
- Ability to write Lambda functions (in Python)
- Proficiency in version control tools like Git
- Familiarity with JIRA
- Understand code developed in JS, Node, .NET, Python, PHP, Scala, C/C++, and Ruby
- Hands-on with AWS and build/deploy/run Python applications in the cloud. Ability to write Lambda functions.
- Strong understanding of public application security projects such as OWASP, BSIMM
- Familiarity with Checkmarx, Snyk, Burp, etc.
- Expert knowledge of application security attacks
- A strong understanding of modern development processes including agile development
- Experience in Threat Models and performing Secure Design Reviews
- Solid understanding of application security topics such as authn, authz, encryption, session management, federation, OAuth/OIDC
- Extensive experience with application security tools like code scanners and dynamic analysis tools
- Experience with application design & architecture using modern design patterns
- Experience with cloud security, particularly for AWS, Azure
- Experience with integrating security into a DevOps culture
- Ability to communicate complicated technical issues and risks to engineers, project managers and product managers