Senior Product Security Engineer
Employer: Experis Ireland
Location: Limerick
Salary: Negotiable
Closing date: 27 Sep 2023
Job Details
Salary: €80,000 - €110,000 (DOE)
Location: Ireland, Fully Remote
Job type: Full time - Permanent
Experis are currently recruiting a Senior Product Security Engineer for an excellent client who provides industry-leading compliance, data governance, data leak protection, data retention, and digital rights management capabilities. As they continue to expand, our client is seeking an experienced individual who has deep software development and security experience and the ability to coordinate and influence other teams to drive the security agenda across the organization.
The successful candidate will lead and coordinate the efforts across the development teams to develop and maintain security protocols resulting in prevention and mitigation of security vulnerabilities across all aspects of the product.
Responsibilities:
Implement and run the Product Security Board
- Build the security board team. This team is tasked with owning all product security decisions.
- Conduct a gap analysis on processes and policies for the software development process.
- Develop a threat model for the company.
- Analyse security risks (reported internally or externally) and drive them to resolution with various teams.
- Monitor and recommend product upgrades to stay in compliance with the standards that certain third parties have set forth.
- Identify, assess and manage software security tech debt.
- Manage the security hardening team. The security hardening team is made up of developers who analyse existing product code and identify security tech debt.
Implement the SSDLC process for the company (working with the dev team leads)
- Review HLD and do security sign off.
- Implement CI/CD pipeline changes to set up security.
- Security training for developers and create guidelines for security best practices.
Security Testing (working with QA and Release teams)
- Develop internal pen testing process - OWASP/ZAP, third party pen testing tools, ethical hacking, red teaming.
- Coordinate pen testing and resolutions - required for each release.
Operations
- Run bug bounty process.
- Run product security ops team for responding to security incidents.
- Communicate clearly on security-related technical issues to the organisation.
- Work with the documentation team to draft, review and approve security advisories that must go on the website and emails.
- Professional handling of customer communication for security-related items.
- Set up and maintain OKR & KPI metrics related to product security.
Requirements:
- 5+ years of work experience as a software engineer with a focus on product security
- Strong experience in the software development process with strong software architecture knowledge
- Bachelor's degree in computer science or related field
- Development, scripting, or automation experience - a strong desire to automate your daily workflows to make your day more productive. You are comfortable writing in Python, PHP, or similar scripting languages.
- Strong knowledge of various web-related technologies (such as Web applications, web servers, services, architectures etc.) and of network/web related protocols.
- Familiar with common security libraries, security controls, and common security flaws that apply to PHP applications.
- Familiarity with application security such as OWASP Top 10
- Experience with standard web application security tools such as Burp Suite or similar alternatives
- Experience working with static code analysis tools such as SonarQube or a similar alternative.
- Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc. is a plus.
- Experience with network security and networking technologies and with system, security, and network monitoring tools is a plus.
- Knowledge of Linux tools/architecture & logging systems
Benefits:
- A competitive salary with an annual bonus
- Dedicated time for training and education opportunities
- A mentorship model wherein your mentor and team support your development.
- Fully remote working whilst offering flexible hours that fall outside of the companywide core hours of 9am - 12pm (US Central time zone)
- 20 days of paid time off which increases by a further 5 days after 5 years of service (in addition to 10 public holidays in your country)
- Paid day off on your birthday or on an alternative day if your birthday falls outside a normal working day.
- Paid day off to volunteer with the charity of your choice.
- Paid monthly internet cost and lunch stipend provided.
- Reimbursement of all hardware costs associated with the role.
Company
At Experis (part of ManpowerGroup) global, we operate in over 50 countries worldwide, deploying more than 38,000 skilled professionals across the IT, Science and Engineering sectors every day. Few companies can match our scope, our history of success, or our reputation as the global leader in professional talent and workforce solutions – and that’s why over 80% of the Fortune Global 500 turn to us for the professional talent that will set them apart.
We’re a different kind of talent company. We precisely deliver in-demand talent for mission-critical positions, enhancing the competitiveness of the organisations and people we serve. From interim and permanent recruitment, to managed services and consulting; we deliver high-impact solutions that enable our clients to achieve more than they ever thought possible.
Today, we’re Experis: Ireland’s leading IT resourcing specialist, and the professional resourcing arm of the world’s workforce expert, ManpowerGroup.