Senior Software Security Engineer

ChargePoint
Summary
Join ChargePoint, a leader in the EV charging industry, as a Sr. Software Security Engineer. Build secure products, drive threat modeling, and remediate vulnerabilities. Architect, design, consult, and implement new security paradigms. Collaborate with the Product Security lead on strategy, implement tools, and develop processes. Perform threat assessments and security reviews. Work with engineering teams to implement a security-by-design culture. Guide, advise, and oversee product security controls. Analyze application and service security, discover and address issues, and design security automation. Mitigate emerging threats throughout the SDLC. This role offers career growth and the opportunity to work on large-scale projects in the EV charging space. Define and build secure systems from hardware to cloud.
Requirements
- Experience building relationships with key stakeholders across the business to understand their current and planned product activities (application and embedded)
- Supporting the integration of security standards, controls, and policies into the SDLC
- Developing and managing a comprehensive product security training program and promoting security awareness throughout the product team agenda
- Identifying gaps in security design and reviewing proposed application and product architecture with an aim to recommend changes or enhancements
- Experience developing processes and policies to mitigate key product risks
- Performing security assessments, and identifying and mitigating risks through effective tools, processes, training, and guidance. Managing product risk assessments and remediation plans
- Leading internal product meetings to present key product security metrics and risks to senior leadership
- Influence decision-makers and stakeholders to achieve a consistently high security bar
- Lead security projects (including security reviews, tool development, and creation of new security practices) with end-to-end ownership
- Experience working with engineering teams to design and implement security controls
- Genuine passion for building effective and pragmatic security tools to assess products and services
- 4+ years' experience in designing and implementing application and infrastructure security tools
- Working experience with CI/CD pipelines, containerization, and microservices
- Understanding of security architecture and systems to connect the dots between hardware, embedded systems, cloud infrastructure and platform
- Experience deploying and securing SaaS applications and cloud environments at scale
- Experience in application security across SDLC activities such as threat modelling, secure code review, vulnerability management and penetration testing
- Understanding of different programming languages (C, C++, Java, Python, Go)
- Ability to identify and mitigate product security risks with the ability to understand materiality of risks and prioritize / differentiate response accordingly
- Experience in application security tools covering SAST, DAST, IAST/RASP and OWASP
- Experience building, reviewing, and managing threat models / assessments
- An understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPSEC, HTTP, HTTPS)
- Experienced in layers of security and the related security threats, exploits and prevention
- Excellent written and verbal communication skills with the ability to influence a broad range of stakeholders
Responsibilities
- Build secure products, drive threat modeling, and remediate vulnerabilities
- Architect, design, consult and implement new security paradigms for systems in a rapidly evolving problem space
- Work with Product Security lead on product security strategy, implement tools, architect our product security roadmap, develop process, perform threat assessment and security reviews, and work with engineering teams to implement a security by design culture as part of our product lifecycle
- This role will be responsible for providing guidance, advice, oversight, and implementation of controls on product security matters
- As a Software Security engineer, you will design security controls and help validate that our services, applications, stations, and emerging technologies are designed and implemented to the highest security standards
- You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, designing security automation, and decisively taking action to mitigate emerging threats throughout a full secure development life cycle (SDLC)
- This role will provide career growth opportunities as you gain new security skills in the course of your work
- You have an opportunity to experiment, learn, build tools, and work with teams building new technology and services at massive scale in the EV charging space
- This will be an amazing opportunity to define and build secure systems from the ground up from hardware to platform to cloud
- The engineer will possess deep technical knowledge and ability and will be tasked with the most demanding projects and design requirements
Preferred Qualifications
- Experience in implementing and managing product security tools
- Experience in the automotive or EV charging industry
- Experience with embedded / hardware security
- Experience with cryptography / encryption / PKI