Senior Product Security Engineer

Summary

Join Perforce's Information Security Team as a Senior Product Security Engineer. You will play a vital role in ensuring the security of our products throughout their lifecycle. Collaborate with product and engineering teams to integrate security controls into the software development process. This hands-on position requires expertise in secure development, DevSecOps, and shift-left security principles. You will conduct code reviews, security testing, threat modeling, and risk assessments. The ideal candidate will have 5+ years of experience in product security and strong communication skills.

Requirements

• 5+ years of experience in product security, with a deep expertise in secure product development
• Experience with security assessments, security design reviews, or threat modeling
• Strong understanding of security engineering, information security best practices, and DevOps
• Excellent communication skills, with the ability to influence others
• Experience in risk assessment, threat modeling, code review, data analysis, or static code analysis
• Ability to lead cross functional project teams in a technical capacity or lead technical risk analysis in an enterprise environment

Responsibilities

• Mature and implement product security procedures aligned with the company's business objectives
• Collaborate with product and engineering teams to integrate security controls at every stage of the software development life cycle
• Conduct thorough code reviews to identify and remediate security vulnerabilities
• Perform regular testing to assess the security posture of our products and infrastructure
• Develop and maintain threat models to identify potential security risks and guide mitigation efforts
• Continue to foster a culture of security awareness, including the education and training of developers on secure coding practices
• Drive the adoption of automated security tools and processes to enable shift-left security practices
• Conduct regular risk assessments and audits to ensure compliance with internal and external security standards
• Participate in incident response and retrospective activities, ensuring that lessons learned are incorporated into product development practices
• Communicate effectively with teams, management, and clients about security concerns and best practices
• Assist in the management of third-party risks by tracking vulnerability assessment results and ensuring effective remediation
• Monitor advancements in information security technologies and programmatically incorporate them into the internal environment