Software Security Engineer – Product Security (DevSecOps)

Work Schedule

Environmental Conditions

Job Description

What We Do

The Product Security team is a group of Builders Breakers and Fixers specializing in collaborative security engagement. The goal of the Software Security (DevSecOps) team is to provide self-service security by enabling the 3 Ways of DevOps: Fast Flow Rapid Feedback and Continuous Learning.

As the business continues its digital transformation the DevSecOps team serves as a vanguard for promoting and enabling DevOps practices across the organization. We focus on integrating and improving existing processes removing bottlenecks and enabling safe experimentation whenever possible.

Job Description

We are seeking a highly skilled and experienced Software Security Engineer to join our Product Security team. The successful candidate will help ensure secure Software Development Life Cycle (SDLC) practices across the organization from design through deployment.

In this role you will partner with product development teams to scale secure development practices improve automation and tooling reduce remediation friction and integrate security earlier into the software development lifecycle.

How Will You Make an Impact

As a Senior Software Security Engineer you will engage with product development teams across the organization and serve as a subject matter expert in secure software development practices DevSecOps enablement and application security.

You will collaborate closely with engineering teams to identify and mitigate security risks improve security automation and integrate scalable security solutions into software delivery workflows.

Key Responsibilities

• Work closely with development teams to identify and mitigate security risks in software and systems.
• Promote and enhance Secure SDLC practices through automation tooling architecture reviews and scalable security integrations across the software development lifecycle.
• Conduct security assessments and code reviews to identify vulnerabilities and ensure compliance with security standards and best practices.
• Develop and maintain secure coding guidelines and provide training to development teams.
• Collaborate with cross-functional teams to support the timely delivery of secure software solutions.
• Mentor and train less experienced team members on technical and security-related topics.
• Develop solutions to automate security processes and workflows.
• Evaluate security tools and lead Proof of Concepts to support recommendations for tool acquisition integration and maintenance.
• Develop metrics and reporting to support remediation prioritization and continuous improvement initiatives.
• Identify and drive process improvements to increase productivity reduce friction and improve security outcomes.
• Contribute to the Product Security teams strategy and long-term roadmap.

How Will You Get Here

Education

Bachelors or Masters degree in Engineering Computer Science or equivalent work experience.

Experience

We are looking for candidates with 5 years of relevant experience in software development and security or an equivalent combination of experience and expertise including:

• Experience writing and/or testing software applications including automation.
• Experience working with container technologies and cloud providers such as AWS.
• Familiarity with one or more modern programming or scripting languages such as Python Java JavaScript C/C .NET Bash PowerShell or Ruby.
• Familiarity with development tools such as Git Jira Jenkins Docker Eclipse Visual Studio Visual Studio Code and/or IntelliJ.
• Strong attention to detail with excellent interpersonal and time management skills.
• The ability to communicate effectively and professionally with a diverse group of stakeholders including Vice Presidents Directors Managers Developers and Domain Experts.

Knowledge Skills Abilities

• Self-motivated individual with an agile and collaborative mindset.
• Experience performing application security assessments; participation in bug bounty programs capture the flag (CTF) events or the broader security community is a plus.
• Experience with mobile application security is a plus.
• A history of involvement in general information security practices and/or the security community.
• Strong written and verbal communication skills in English.