Product Security Engineer

US Remote @SGNL in Product Management
  • US (Remote) | Salary: $144,000.00 - $216,000.00
  • Post Date : June 10, 2025
  • Apply Before : July 10, 2025

Job Detail

  • Job ID 962

Job Description

Reporting to the CISO, this member of the Information Security Team will partner with the DevOps and Development teams to help keep SGNL secure.

Key Responsibilities

  • Design and optimize processes as part of a secure software development lifecycle and security program
  • Implement security infrastructure and automation within cloud environments
  • Perform and review findings from manual and automated security assessments
  • Respond to security alerts and reports to assess validity and impact, and provide appropriate mitigation or remediation measures
  • Perform application and infrastructure architecture reviews to identify potential issues and to verify conformance with good practices
  • Maintain security metrics and reports that convey the state of security health
  • Engage with developers and operations teams to consult with, educate, and evangelise practical and achievable good security practices

About You

Candidates will have spent time building, maintaining, and operating components of SSDLC and Cloud Security programs based upon security industry accepted good practices and documented standards. They will be well versed in the relevant threats and how to protect against them. They will be skilled in the art of cooperatively engaging with other teams to achieve positive outcomes that balance managing risk with maintaining velocity and stability.

Experience

  • Designed, built, and operated security infrastructure in a DevSecOps, SRE, Cloud Security, or a similar type of role
  • Drove adoption of an SSDLC framework and implementation of relevant general principles and practices
  • Secured modern cloud-based applications built on AWS, Azure, and K8s
  • Assessed microservice architecture and cloud service providers for threats and developed protection strategies
  • Performed security assessments for applications, triaged findings, and developed mitigation or remediation strategies
  • Implemented vulnerability management processes and solutions to identify issues throughout the platform, i.e. OS, containers, libraries
  • Implemented and tuned SAST, SCA, DAST, and other application VM tools
  • Ability to read and understand Go, AngularJS, and other languages and frameworks
  • Enhanced and operated SIEMs for cloud environments
  • Strong communication skills and the ability to explain complex security issues in understandable terms
  • Bias for action and a self-starter

Good to Have

  • Infrastructure as Code (IaC) orchestration via Helm charts, Terraform, Ansible, Bash, and YAML
  • Prior usage of common cloud native security tooling, e.g. Defender, Inspect, Sentinel, GitHub Advanced Security
  • Familiarity with any CSPM, DSPM, *PM tooling
  • Exposure to security standards compliance (e.g. PCI DSS, NIST 800-171, FIPS 140-3) and audits (e.g. SOC 2)
  • Familiarity with security program frameworks including NIST CSF, CSA CCM, or ISO 27001, and how to implement relevant application and platform security measures
  • Basic understanding of privacy requirements and compliance obligations for a US-based company with non-US customers (CCPA, GDPR)

Compensation Information

Final offer will be at the company’s sole discretion and determined by multiple factors, including years and depth of relevant experience and expertise, location, and other business considerations.

  • Base salary range for this position: $144,000.00 – $216,000.00 per year
  • Eligible to participate in SGNL’s Equity Incentive Plan
