Senior Product Security Engineer - Reston

Senior Product Security Engineer Platform Security - Reston VA

Why We Have This Role

Qualtrics operates in an environment where security threats are constantly evolving making it essential to prioritize security across our operations. The Product Security Senior Specialist plays a crucial role in safeguarding our products and infrastructure against increasing security risks. This individual will support the establishment and maintenance of company-wide security standards working collaboratively with business units to tackle security challenges. Their contributions are vital in protecting customer data strengthening the companys reputation and ensuring that we deliver secure services consistently.

How Youll Find Success

• Proactive Initiative: Take ownership of security-related outcomes actively gathering necessary context to work autonomously toward the goals of platform security.
• Effective Communication: Foster trust and collaboration by communicating clearly and effectively across all levels of the organization.
• Security Knowledge: Possess an extensive understanding of security concerns related to products cloud environments and infrastructure providing valuable insights.
• Collaborative Spirit: Build strong relationships across various product teams to propel security initiatives forward and facilitate cohesive security practices.
• Analytical Thinking: Demonstrate sound judgment and problem-solving abilities in addressing complex security issues efficiently.
• Commitment to Learning: Keep pace with the latest trends and developments in security continuously enhancing your expertise in threat mitigation and security best practices.

How Youll Grow

• Deepening Security Knowledge: Deepen your expertise in key areas of Product Security Engineering such as secure coding practices threat modeling and vulnerability management allowing you to tackle increasingly complex security challenges within our product development lifecycle.
• Leadership in Security Initiatives: Take the lead on critical security initiatives including driving security assessments code review processes strengthening your leadership capabilities and making a measurable impact on our security posture.
• Strategic Influence: Collaborate with cross-functional teams to shape and influence security policies and frameworks contributing to the overall security strategy of the organization and enhancing your ability to drive organizational change.
• Knowledge Development: Remain current with security trends augmenting your understanding of emerging threats and innovative solutions.
• Innovation and Research: Explore and experiment with new security technologies and methodologies providing innovative solutions to security challenges and reinforcing your position as a key contributor to the organizations security advancements.

Things Youll Do

• Work with engineering teams to design and develop applications that incorporate security best principles. Serve as a key stakeholder and driving the implementation of secure coding best practices.
• Configure monitor and deploy monitoring and blocking rules on Qualtrics WAF interfaces.
• Expert experience with container security including image scanning k8s security best practices and container runtime security.
• Analyze software applications for security vulnerabilities using manual and automated source code review tooling.
• Identify security risks and weaknesses in software architecture by performing application threat modeling.
• Use security testing tools to identify track and fix vulnerabilities in applications and enterprise infrastructure.
• Maintain and generate reports on application and infrastructure security posture metrics KPIs and vulnerabilities to support enterprise and security architects.
• Coordinate internal pen test engagements with the Red Team and Engineering stakeholders.
• Serve as strategic advisor and thought expert to Engineering teams through multiple channels including application review sessions threat modeling and security champions program.
• Own and operate the Qualtrics vulnerability disclosure and bug bounty programs.

What Were Looking For On Your Resume

• Expert knowledge of cloud security best practices including IaC as it pertains to hardening a cloud-centric infrastructure.
• Minimum of 5-6 years of recent experience in product security secure application development and/or cybersecurity.
• Bachelors degree from an accredited college or university in Computer Science Information Technology or Engineering or relevant work experience.
• Preferred: Advanced technical degree in Computer Science Engineering Mathematics or other technical field from an accredited institution.
• Development experience using either Python JavaScript Ruby Go or other relevant language; minimum 5-6 years of recent work experience identifying and mitigating security issues in software and knowledge of secure code development best practices.
• Expert knowledge and ownership of SAST SCA DAST and CNAPP tools.
• Experience securing CI/CD pipelines and secure configuration of version control systems.
• Familiarity with and have regularly conducted security reviews using application security frameworks (e.g. OWASP Top Ten).
• Relevant security certifications such as but not limited to CISSP CEH GWAPT GPEN OSCP GCIH OSEP.
• Experience evangelizing application security principles and topics through engineering forums tech talks etc.
• Excellent communication skills and meticulous attention to detail; experience in designing analyzing and conducting threat model assessments of enterprise software and services; penetration testing or red team experience is a plus.

Joining our team means stepping into a role thats vital challenging and deeply linked to Qualtrics aim of reshaping industries by harnessing the power of Experience Management and AI.

Our Teams Favorite Perks and Benefits

• Wellness Reimbursement for $300 per quarter for wellness activities including gym memberships spa massages workout equipment meditation apps and much more.
• $1800 Experience bonus to be used for an Experience of your choosing
• Amazing QGroup Communities; MOSAIQ Green Team Qualtrics Pride Q&Able Qualtrics Salute and Womens Leadership Development which exist as places for support allyship and advocacy.