Principal Product Security

Summary

Join Business Wire, a Berkshire Hathaway company, as a Principal, Product Security to lead and drive application and cloud security initiatives. You will play a critical role in ensuring the security of products and services, focusing on modern application security and SDLC practices on AWS. Responsibilities include leading security assessments, developing cloud security architecture, integrating security testing into the SDLC, and providing expert guidance on risk management. This role requires 10+ years of experience in modern application security on AWS, extensive hands-on experience with AWS infrastructure, and deep understanding of security testing tools. Strong leadership, communication, and problem-solving skills are essential. Business Wire offers a competitive salary, remote work, excellent health benefits, a fitness allotment, tuition reimbursement, a 401(k) plan, PTO, and more.

Requirements

• 10+ years of experience in modern application security, with a proven track record of securing applications on AWS
• Extensive hands-on experience in designing secure Infrastructure solutions for AWS as well as on-prem applications, demonstrating proficiency in architecting robust and scalable security measures within cloud and on-prem environments
• Deep understanding of security testing tools such as GitHub Advanced Security to encompass Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), utilizing these tools effectively to identify and address potential vulnerabilities proactively
• Extensive experience in application security automation and interjecting security into CICD
• Strong knowledge and expertise in technical assessments, threat modeling, and cloud security architecture
• Hands-on experience with software security best practices, penetration testing, vulnerability management, and remediation advisory
• Demonstrated proficiency in investigating and effectively managing security incidents pertaining to applications operating within AWS and on-prem environments
• Proven ability to lead and moderate company-wide security discussions, fostering effective collaboration and decision-making
• Strong leadership and coaching skills
• Strong problem-solving abilities and a deep understanding of cybersecurity principles and practices
• Excellent communication and presentation skills and the ability to communicate complex security concepts to technical and non-technical stakeholders
• Bachelor’s degree in computer science or related field

Responsibilities

• Lead and drive the application and cloud security assessment and architecture efforts within the organization
• Collaborate closely with leadership to set a long-term vision for the company's product security initiatives, ensuring alignment with business objectives
• Develop and maintain a comprehensive cloud security architecture that meets industry standards and best practices
• Conduct technical security assessments and threat modeling exercises to identify potential risks and vulnerabilities
• Integrate security testing into the SDLC, collaborating with development teams to address security concerns at each phase of the software development process
• Implement and oversee effective application security measures including penetration testing, vulnerability management, and remediation advisory
• Provide expert guidance on risk management strategies and ensure that security requirements are integrated into all aspects of the product development lifecycle
• Assist in incident response activities, investigating and mitigating security incidents related to applications
• Act as a thought partner and collaborate with stakeholders across engineering groups to promote security awareness and foster a strong product security culture
• Lead and coach other security professionals at all levels to ensure successful execution of security initiatives
• Resolve technical challenges for yourself and others, ensuring that security barriers are proactively addressed
• Create guardrails, standards, dashboards, and policies to improve the product security posture and visibility

Preferred Qualifications

Previous software development experience is plus

Benefits

• Ability to work remotely
• Excellent health benefits that begin on your first day of employment
• $100 monthly fitness allotment, a tuition reimbursement program, and enhanced mental health resources
• 401(k) plan with generous company match, and annual profit sharing contribution (subject to company performance)
• PTO, Floating Holidays, Wellness Day Off, Birthday Day Off, and more!