Senior Product Security Engineer
Salary: €80,000 - €110,000 (DOE)
Location: Ireland, Fully Remote
Job type: Full time - Permanent
Experis are currently recruiting a Senior Product Security Engineer for an excellent client who provides industry-leading compliance, data governance, data leak protection, data retention, and digital rights management capabilities. As they continue to expand, our client is seeking an experienced individual who has deep software development and security experience and the ability to coordinate and influence other teams to drive the security agenda across the organization.
The successful candidate will lead and coordinate the efforts across the development teams to develop and maintain security protocols resulting in prevention and mitigation of security vulnerabilities across all aspects of the product.
Implement and run the Product Security Board
- Build the security board team. This team is tasked with owning all product security decisions.
- Conduct a gap analysis on processes and policies for the software development process.
- Develop a threat model for the company.
- Analyse security risks (reported internally or externally) and drive them to resolution with various teams.
- Monitor and recommend product upgrades needed to comply with the standards that certain 3rd parties have set forth.
- Identify, assess and manage software security tech debt.
- Manage the security hardening team. The security hardening team is made up of developers who analyse existing product code and identify security tech debt.
Implement SSDLC process for the company (working with the dev team leads)
- Review HLD and do security sign off.
- Implement CI/CD pipeline changes to set up security.
- Security training for developers and create guidelines for security best practices.
Security Testing (working with QA and Release teams)
- Develop internal pen testing process: OWASP/ZAP, third party pen testing tools, ethical hacking, Red teaming.
- Coordinate pen testing and resolutions - Required for each release.
- Run bug bounty process.
- Run product security ops team for responding to security incidents.
- Communicate clearly on security related technical issues to the organisation.
- Work with the documentation team to draft, review and approve security advisories that must go on the website and emails.
- Professional handling of customer communication for security-related items.
- Set up and maintain OKR & KPI metrics related to product security.
- 5+ Years of work experience as software engineer with focus on product security
- Strong experience in software development process with strong software architecture knowledge
- Bachelor's degree in computer science or related field
- Development, scripting, or automation experience - Strong desire to automate your daily workflows to make your day more productive. You are comfortable writing in Python, PHP, or similar scripting languages.
- Strong knowledge of various web-related technologies (such as Web applications, web servers, services, architectures etc.) and of network/web related protocols.
- Familiar with common security libraries, security controls, and common security flaws that apply to PHP applications.
- Familiarity with application security such as OWASP Top 10
- Experience with standard web application security tools such as BurpSuite or similar alternatives
- Experience working with static code analysis tools such as SonarQube or a similar alternative.
- Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc. is a plus.
- Experience with network security and networking technologies and with system, security, and network monitoring tools is a plus.
- Knowledge of Linux Tools/architecture & logging systems
- A competitive salary with an annual bonus
- Dedicated time for training and education opportunities
- A mentorship model wherein your mentor and team support your development.
- Fully remote working whilst offering flexible hours that fall outside of the companywide core hours of 9am - 12pm (US Central time zone)
- 20 days of paid time off which increases by a further 5 days after 5 years of service (in addition to 10 public holidays in your country)
- Paid day off on your birthday or on an alternative day if your birthday falls outside a normal working day.
- Paid day off to volunteer with the charity of your choice.
- Paid monthly internet cost and lunch stipend provided.
- Reimbursement of all hardware costs associated with the role.