About the role:
As a Senior Product Security Engineer you would be responsible for all aspects of the security of the products Ava delivers, from design and implementation through to delivery. This includes managing our PSIRT team, helping define and maintain our Secure Software Development Lifecycle in line with our ISO 27001 goals, and more.
- consulting with vendors of third-party security tools or building our own – whichever makes the most sense in a given context.
- helping guide threat modelling of new features, and helping ensure necessary testing is in place from a security standpoint.
- directly managing the development of said features, and working with product management to ensure they are prioritised.
- coordination of external pentests with our partners and larger customers to add to our internal red teaming.
- driving the pre-existing process to get fixes in place in line with our response targets.
- helping to find and fix issues with the members of the PSIRT team from within the development organisation who have been doing this for several years.
Candidate requirements:
You’ll have held senior roles in the past, and have practical experience in software development as well as excellent people skills and experience working with cross-functional teams. You will have broad domain knowledge in software security.
– Have led teams, and mentored junior staff.
– Understanding of web security fundamentals.
– Exposure to cloud environments, and their security implications.
– Familiarity with common problems found in software development – and mitigations in different circumstances. Think OWASP Top Ten.
– Understanding of the software build process, static analysis and understanding of the benefits of Continuous Integration.
– Practical understanding of how data is protected at rest and in transit, including the particulars of TLS, PKI, encryption, key management, identity management and RBAC.
– Security engineering experience with Golang and Kubernetes.
– Enthusiastic about writing threat models, and have kept them up to date as projects changed in previous roles.
– Dealing with vulnerabilities when they have been found, including suggesting fixes and identifying process failures that led to vulnerabilities being present.
– Incident management experience.
Nice to haves
– CompTIA Security+ / CISSP or equivalent.
– Use of Kubernetes.
– Experience with Google Cloud and GKE.
– Exposure to hardware security and trusted computing.
– Technical Writing / Public Communication.
– Experience in Go.
– Experience in Linux.