Senior Product Security Engineer

Summary

Join Red Canary, a cybersecurity company focused on protecting organizations from cyber threats, as a Senior Product Security Engineer. You will collaborate with product teams to enhance our product security program and ensure secure software development. Your expertise will be crucial in crafting and implementing security methodologies throughout the development lifecycle, from design to production. You will work closely with engineers, perform peer reviews, and mentor team members. This role requires at least 5 years of experience in securing enterprise-grade web applications and a strong understanding of web application security issues and standards. Red Canary offers a competitive salary and bonus eligibility.

Requirements

• At least 5 years experience in securing enterprise-grade web applications and services with demonstrated expertise in threat modeling and attack surface analysis
• Solid understanding of common languages such as Ruby, Javascript, Go, etc
• Strong experience in web application security issues and standards (ex. OWASP Top 10, SANS Top 25, etc.)
• Understanding and experience with securing public cloud deployments, including AWS and/or Azure, and serverless architecture
• Familiarity with CI/CD tools and processes, such as GitHub, Travis CI, CircleCI, Docker, and Kubernetes
• Strong foundation in core information security principles and concepts (encryption, authentication, etc.)
• Experience with automated application security tools and technologies (SAST, DAST, SCA etc.)
• Excellent communication skills and the ability to explain sophisticated security topics in simple terms

Responsibilities

• Embed with the product teams and attend regular stand-ups and planning meetings and build positive relationships with key partners
• Serve as the security authority on your product, ensuring the corporate security controls are working as designed, that security requirements are provided to the team before coding begins, and that vulnerabilities are being fixed within their SLAs
• Ensure s-SDLC controls are embedded in your product and serve as control owner for a subset of these controls, mentoring other team members
• Engage in application and domain-specific threat modeling, and attack surface analysis and reduction
• Work alongside engineers, performing peer review and mentoring as needed
• Assist in continuous improvement efforts and serve as a resource for more junior members