Application & Product Security Principal

Who we are:

For over 25 years Global Relay has set the standard in enterprise information archiving with industry-leading cloud archiving surveillance eDiscovery and analytics solutions. We securely capture and preserve the communications data of the worlds most highly regulated firms giving them greater visibility and control over their information and ensuring compliance with stringent regulations.

Though we offer competitive compensation and benefits and all the other perks one would expect from an established company we are not your typical technology company. Global Relay is a career-building company. A place for big ideas. New challenges. Groundbreaking innovation. Its a place where you can genuinely make an impact and be recognized for it.

We believe great businesses thrive on diversity inclusion and the contributions of all employees. To that end we recruit candidates from different backgrounds and foster a work environment that encourages employees to collaborate and learn from each other completely free of barriers.

Your role:

The Application & Product Security Principal is responsible for leading the DevSecOps areas of application security application vulnerability scanning and other daily security and compliance efforts. This role is positioned between software engineering security and operations driving the integration of robust security practices into every stage of the software development lifecycle. As a senior member of the Application & Product team you will input into strategy standards and partner closely with engineering platform and product teams to ensure security is built-in and aligned with business will champion a proactive risk-based approach to security embedding automated controls secure design principles and continuous assurance into the development pipelines. You will lead security sessions for development engineering teams with focus on risks security report analysis mitigations of identified vulnerabilities and process improvements. You will also be responsible for developing and deploying an automated security framework for robust deployment of tools and processes leveraging scripting languages and open-source solutions.

Your responsibilities:

• Extensive experience in Application Security Product Security or DevSecOps roles
• Deep understanding of secure software development practices including threat modeling secure coding and vulnerability management
• Serve as the liaison for deployment of DevSecOps standards and input into new standards or policies
• Embed security and DevSecOps practices throughout the organization within SDLC and support an automated continuous integration (CI) and continuous delivery (CD) system
• Work with APIs and plugins to integrate security tools into established CI/CD pipelines using agile delivery methodology
• Partner with developers and engineering teams to prevent vulnerabilities and shift-left security testing in the SDLC
• Focus on automation to aid in efficiencies with both testing and development
• Provide hands-on technical expertise and support in general DevSecOps tasks
• Review and analyze vulnerability data to identify security risks to the organizations network infrastructure and applications and effectively address false positives
• Investigate security issues in order to determine specific steps for reproduction and scope of vulnerabilities and risks
• Provide encouragement to team members including identifying areas for additional training or skills development
• Mentor less experienced members of the team to help build a strong culture improve security efficacy and oversee team member work for quality and guideline compliance
• Create security documentation and developer training material
• Improve test case documentation and grouping
• Act as the senior subject matter expert for Global Relay software security testing related to the CI/CD pipeline
• Lead the selection deployment and management of appropriate scanning tools for security testing in the CI/CD pipeline
• Develop competency in the OWASP Top 10 and derive new test methodologies based on Global Relay applications
• Work with Application and Product Security Team Lead to identify areas where security test coverage is lacking and work to improve the security test coverage
• Provide suggestions on improvements and see these through to completion

About you:

• 8 years of application security and operations experience and expert knowledge of software security
• Experience with at least one of each of the following:
  o OWASP Mitre NIST SP800-115
  o SAST DAST SCA
  o Python Java Bash PowerShell
  o Puppet Ansible Git repositories Jenkins Docker/Podman CI/CD technologies
  o Container - OpenShift / Kubernetes
  o API security
• Working with Security Developers DevOps and Engineering teams in a dynamic environment
• Secure development coding and engineering practices
• Experience with the following would be an asset:
  o AI tools / Machine learning
  o ISO 27000 SOC 2 GDPR and other security and privacy standards
  o CISM CISSP OSCP or other relevant security certifications
  o Networking technologies particularly with OSI layers and TCP/IP
  o Web-based protocols including cookie management encrypted traffic TLS HTTPS HSTS and webhooks
  o Security tools such as firewalls IDS/IPS anti-virus anti-spam and server and network device hardening
  o Encryption protocols and methodologies
• Ability to work under broad supervision with little instruction
• Ability to communicate effectively in both written and verbal forms with technical and non-technical cross-functional teams.
• Ability to communicate diplomatically and effectively at all levels of the organization with all classifications including the very technical
• Proven competence using MS Office and other desktop applications
• Methodical and creative approach to problem-solving
• Excellent verbal and written communication skills
• Strong attention to detail and follow-up

What you can expect:

At Global Relay theres no ceiling to what you can achieve. Its the land of opportunity for the energetic the intelligent the driven. Youll receive the mentoring coaching and support you need to reach your career goals. Youll be part of a culture that breeds creativity and rewards perseverance and hard work. And youll be working alongside smart talented individuals from diverse backgrounds with complementary knowledge and skills.

Global Relay is an equal-opportunity employer committed to diversity equity and inclusion.

We seek to ensure reasonable adjustments accommodations and personal time are tailored to meet the unique needs of every individual.

To learn more about our business culture and community involvement visit .