Role: Product Security Engineer
Location: Concord, CA (Day 1 Onsite)
Experience: 8+ Years
Perform and support security assessments against most modern product features.
Support code reviews across a mixed language codebase.
Participate and lead the security research initiative.
Manage security integration into the SDLC.
Partner with developer team and architects to design, implement and improve application security solutions.
Share experience with authentication and authorization models, modern mobile security methodologies, applied cryptography, and secure-by-design development practices.
Advocate security awareness and teach secure behavior and methods.
Implement best-practice security procedures, standards, and guidelines in the application space.
Work on strategic and highly visible BSIMM activities across the organization.
Assist in compliance activities such as external audits from customers, regulatory compliance projects, and overall information security reviews.
Develop tools that make it easier to ship secure code and harder to ship insecure code.
Lead “shift-left” initiatives and scale AppSec efforts across the development organizations.
8+ years of application/product security experience.
Bachelor’s OR Master’s degree in Computer (preferred) Science/Engineering/Information Security or equivalent work experience.
Strong understanding of web and mobile application security assessment techniques, threat modeling, general software development practices.
Experience with creating automation in a higher-level scripting language (Python, JavaScript, etc.).
Ability to perform technical risk assessments, evaluate Static Application Security Testing (SAST) tool results, triage security testing results, and manage security response actions.