Sr. Spclst , Cybersecurity Engineering Product Security

About the position

The position requires experience with cloud and container platforms such as AWS, Azure, Kubernetes, and Tanzu/Cloud Foundry. Candidates should have a background in secure software development or Information Security, with a strong desire to learn Application Security. A solid understanding of web browsers, network and web-related protocols, web services, and APIs is essential. Familiarity with application security tools and secure cloud and container concepts is also important. The role demands strong interpersonal skills and a personal drive for continuous growth in Application Security best practices.

Requirements

• Experience with one or more cloud and container platforms such as AWS, Azure, Kubernetes, and Tanzu/Cloud Foundry.
• Experience in secure software development (software/QA/DevOps engineer, etc.) or Information Security, with a strong desire to learn Application Security.
• Understanding of web browsers, network and web-related protocols (TCP/IP, HTTP/HTTPS, SSL/TLS, DNS, SSH, etc.), web services, and APIs.
• Familiarity with application security tools (SAST/DAST/OSS, Mobile, and API security testing, etc.).
• Familiarity with secure cloud and container concepts, associated security risks, and best practices.
• Strong understanding and experience with infrastructure as code tools and platforms, such as Cloud Formation templates and Ansible.
• Understanding of various application models (client-server, desktop apps, mobile, etc.).
• Familiarity with the software development/delivery lifecycle and accompanying technologies.
• Basic understanding of general coding concepts and best practices, and the ability to read code (Python, Java, JavaScript, .NET, etc.).
• Strong interpersonal, networking, influencing, and relationship-building skills, with the ability to navigate cross-culturally with a wide array of stakeholders, internally and externally.
• Personal drive and passion for continuous growth and the advancement of Application Security best practices.

Nice-to-haves

• Understanding of OWASP Top 10 web application security risks (XSS, SQL Injection, etc.) and recommended mitigation strategies.
• Experience with Agile development processes and DevSecOps best practices.
• Standard industry certifications in Application Security, Information Security, Cloud, etc.
• Familiarity with Infrastructure as Code (IaC) and associated security practices.
• Experience with Continuous Integration/Continuous Deployment (CI/CD) pipelines and their security considerations.
• Incident and vulnerability management.
• Experience with securely implementing and managing secrets and cryptography according to industry best practices.

Benefits

• Bonus eligibility
• Long term incentive if applicable
• Health care and other insurance benefits (for employee and family)
• Retirement benefits
• Paid holidays
• Vacation
• Sick days