Overall Purpose
This position consults with project management, product management, product development, and engineering teams to enable them to build and enhance security in products and services in line with industry standards. This position is highly technical and will lead Product Security efforts in maturing our product security program, mentor others, and be a hands-on partner to our product teams to deliver innovative and secure products to our customers.
Essential Functions
- Lead efforts for development and implementation of repeatable application security architecture patterns working with internal and external partners.
- Develop Threat Models, design and develop Security architectures, and publish reference architecture/patterns implementations for products.
- Document and present risks and security issues that could impact the confidentiality, integrity and/or availability of the business (both internally and externally) by assisting in documentation, tracking and creating solutions for mitigation.
- Design and implement proofs of concept and implementations of security technology and security controls.
- Provide technical guidance and foster a collective understanding of secure development and deployment of products and infrastructure.
- Work with architecture teams to ensure that all newly developed and legacy applications and infrastructure implementations are in line with security policy and compliant with the required frameworks (ISO, PCI, OWASP, NIST 800-53, etc.).
Minimum Qualifications
- Bachelor’s degree in Computer Science, Engineering, Math, or Physical Science
- Minimum of 6 years of related experience in application security, security architecture, or information security.
- Application development and/or Software Security background.
- Expertise in Threat Modeling and control implementation.
- Hands-on experience with a diverse range of cloud security technologies and access management, Kubernetes, mitigation, encryption technologies, security information, threat management, and infrastructure as code (IaC).
- Able to work with both technical and business stakeholders to design solutions that bring optimal security posture to products and infrastructure.
- Working knowledge of one or more programming/scripting languages including but not limited to Java, C/C++, and Python.
Preferred:
- Experience working in a highly regulated, fast-paced environment
- Snyk and Fortify
- Jira, Agile, Confluence
- AWS, Kubernetes, Containers