Principal Product Security Engineer

Baxter

Location:
United States, Skaneateles Falls

Category:
IT - Software Development

Contract Type:
Employment contract

Salary:

104000.00 - 143000.00 USD / Year

Job Description:

As a Principal Product Security Engineer at Baxter, you will help drive cybersecurity requirements and technologies for existing and new products. You will monitor potential threats, analyze security risks, and collaborate to remediate findings while staying ahead of industry zero-day discoveries.

Job Responsibility:

  • Create technical documentation around the security of a product including threat modeling and interface architecture, Data Protection Impact Assessment, and Product Security whitepapers
  • Work collaboratively with the product development teams to establish information security requirements, plans, and policies
  • Establish governance around vulnerability management in products
  • Assist in responses to and recovery from a security breach in conjunction with other team members and business units
  • Use tools (Tenable Nessus, Fortify, Coverity, etc.) to scan for and test possible product vulnerabilities
  • Stay ahead of and advise on industry zero-day discoveries, and assess products in response
  • Work collaboratively with product teams on annual SOC 2 and HITRUST audits for products
  • Investigate security breaches
  • Participate in project planning and scoping of security-related deliverables and activities
  • Assess third-party and off-the-shelf components for secure use.

Requirements:

  • Bachelor’s degree in Computer Science or a related field desired
  • 5+ years of secure software development life-cycle experience
  • Solid understanding of application security throughout the software life-cycle
  • Experience in addressing OWASP Top 10 vulnerabilities
  • Experience developing or analyzing secure coding practices with technologies such as ASP.Net (C#), SQL Server, HTML, C++
  • Strong technical writing skills
  • Familiarity with the privacy by design framework
  • Experience with threat modeling methodologies like STRIDE, DREAD, LINDDUN, or PASTA
  • Experience performing security risk assessments and the ability to communicate impact of risk
  • Experience analyzing and documenting possible vulnerabilities found during development
  • Familiarity with industry standards and guidance such as IEC TR 80001, NIST 800-53, ISO/IEC 27001 & 27002, etc.
  • Expertise in designing secure networks, systems, and application architectures
  • Certification in security such as CAP, CSSLP, or equivalent desired but not required
  • Keen attention to detail, critical thinking and analytical abilities
  • Proven interpersonal and communication (verbal, written, presentation) skills.

Nice to have:

Certification in security such as CAP, CSSLP, or equivalent desired but not required.

What we offer:
  • Support for Parents
  • Continuing Education / Professional Development
  • Employee Health & Well-Being Benefits
  • Paid Time Off
  • 2 Days a Year to Volunteer
  • Medical and dental coverage that starts on day one
  • Insurance coverage for basic life, accident, short-term and long-term disability, and business travel accident insurance
  • Employee Stock Purchase Plan (ESPP)
  • 401(k) Retirement Savings Plan
  • Flexible Spending Accounts
  • Educational assistance programs
  • Paid holidays
  • Family and medical leaves of absence
  • Paid parental leave
  • Commuting benefits
  • Employee Discount Program
  • Employee Assistance Program (EAP)
  • Childcare benefits.

Additional Information:

Job Posted:
March 20, 2025

Employment Type:
Full-time
Work Type:
On-site work