Product Security Engineer â Must have minimum 3 years CVE/CVSS Frameworks
Product Security Engineer â Must have minimum 3 years CVE/CVSS Frameworks
Posted on :
13-05-2025
Employer Active
1 Vacancy
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Share
Send me jobs like this
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Monthly Salary
Not Disclosed
Salary Not Disclosed
Vacancy
1 Vacancy
Posted on :
13-05-2025
Job Description
Over 50000 customers globally trust our endtoend clouddriven networking solutions. They rely on our toprated services and support to accelerate their digital transformation efforts and deliver unprecedented progress. With doubledigit growth year over year no provider is better positioned to deliver scalable outcomes than Extreme.
Inclusion is one of our core values and in our DNA. We are committed to fostering an inclusive workplace that embraces our differences and creates an atmosphere where all our employees thrive because of their differences not in spite of them.
Become part of Something big with Extreme! As a global networking leader learn why theres no better time to join the Extreme team.
Extreme Networks is seeking a Product Security Incident Response Team (PSIRT) member to join the Information Security team to support the Product Incident Response process and product scanning and oversight. The role will be supporting Extreme as we continue to support our customers both in terms of product support and managing the lifecycle of vulnerability resolutions.
The successful candidate for this position will need to:
Be able to understand and analyze publicly disclosed vulnerabilities distilling them down to determine any possible impact
Prioritize vulnerabilities and their handling from reporting to resolution
Play a pivotal role in safeguarding our organizations products and services against security threats. You will collaborate with crossfunctional teams respond to security incidents and contribute to the overall security posture of our offerings
Main Responsibilities:
Product Incident Response Team
Lifecycle management of a vulnerability from inquiry to validation of remediation
Interpret customer requests and publicly disclosed vulnerabilities to as they relate to Extreme products
Monitor manage and track internal communication per incident process
Interpretation of technical engineering responses for validity
Work with engineering and product teams to understand issues validate responses and rollout of remediation plans
Incident Response
Investigate and respond to security incidents related to our products
Analyze vulnerabilities exploits and threats
Coordinate with internal teams and external partners during a reported incident until resolution
Product Vulnerability Management
Oversee product vulnerability scanning for a range of Extreme products
Assess the potential impact of vulnerabilities on our products
Validate scan results to develop mitigation strategies
External vulnerability oversight to include interpreting cyber score reports
Work crossfunctionally to remediate finding on vulnerability reports
Security Advisories and Communications
Draft timely and accurate security advisories for affected products
Monitor security advisories and vulnerability databases
Communicate securityrelated information to customers partners and stakeholders
Maintain transparency and provide timely updates during incidents
Threat Intelligence
Stay informed about emerging threats and attack techniques
Collaborate with threat intelligence teams to enhance our defenses
Contribute to threat modeling and risk assessments
External vulnerability oversight
Collaboration
Work crossfunctionally with development engineering and quality assurance teams
Participate in security reviews and design discussions
Foster a securityaware culture within the organization
Documentation
Maintain accurate records of incidents investigations and remediation efforts
Create and update security procedures policies playbooks and guidelines
Continuous Improvement
Identify areas for process improvement within the PSIRT
Enhance incident response procedures and workflows
Requirements
Bachelor of Science in fields of computer science or engineering (or equivalent experience)
Understand common vulnerabilities and vulnerability databases: CVE CWE OWASP etc.
Network protocol knowledge such as TCP/IP DNS HTTP/HTTPS and other fundamental protocols
Firewall and IDS/IPS knowledge such as understanding network security devices and their configurations
Understanding of secure coding practices and integration of security practices into DevOps pipeline
Network solutions knowledge on IP Fabric (BFP EVPN VXLAN) transport technologies (BGP MPLS/VPLS Segment Routing) and Network Packet Broker Solutions
Ability to collaborate to develop an offering of exceptional design quality and experience and jointly improve our competitive advantage.
Experience with design or design research and a history of building strong relationships with designers and engineers to deliver solutions that solve complex problems
Experience with vulnerability and compliance assessments
Must have strong planning and organizational skills
Ability to grasp complex concepts and be both a big picture thinker and maintain a strong attention to detail
Excellent communication and writing skills; accuracy and consistency are important
Ability to understand technical jargon and communicate easily to the average user and system engineers
Must be a US Citizen and resident in the US
Maintain confidentiality of information
Must be able to prioritize projects maintaining a sense of urgency to meet deadlines.
Must possess the ability to follow verbal and written directions
Must be a selfstarter and able to work well in independently and in Team
Must be able to use critical thinking skills and judgment
Must be able to work positively and professionally with a wide range of personalities
Nice to have
Experience with development tools Jira GitHub Artifactory
Experience with automation and integrations Teams Jira Jenkins
Understanding and experience with coding languages C/C Golang Java JavaScript Python
Understanding of Secure Software Development Life Cycles (SDLC/SSDLC)
Security Certifications such as FIPS Common Criteria DoDIN APL
CISSP or equivalent security qualification
Extreme Networks Inc. (EXTR) creates effortless networking experiences that enable all of us to advance. We push the boundaries of technology leveraging the powers of machine learning artificial intelligence analytics and automation. Over 50000 customers globally trust our endtoend clouddriven networking solutions and rely on our toprated services and support to accelerate their digital transformation efforts and deliver progress like never before. For more information visit Extremeswebsiteor follow us on Twitter LinkedIn and Facebook.
We encourage people from underrepresented groups to apply. Come Advance with us! In keeping with our values no employee or applicant will face discrimination/harassment based on: race color ancestry national origin religion age gender marital domestic partner status sexual orientation gender identity disability status or veteran status. Above and beyond discrimination/harassment based on protected categories Extreme Networks also strives to prevent other subtler forms of inappropriate behavior (e.g. stereotyping) from ever gaining a foothold in our organization. Whether blatant or hidden barriers to success have no place at Extreme Networks.
Employment Type
Full-Time
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
