Sr. Product Security Engineer (Testing)

As an engineer on the Product Security Team, you will be responsible in identifying security vulnerabilities within customer-facing software products. You will work with internal development teams to review source code and audit custom functionality built on top of our clients platform. A key part of this position is to effectively communicate issues to the application owners, provide meaningful remediation recommendations, and validate that they have been resolved.

‍

‍

• Provide software auditing services to internal teams to discover, communicate, and recommend remediation activities for software vulnerabilities.
• Evaluate architecture design, identify threats, and document risk.
• Work with third-party vendors on security testing.

‍

• 7+ years of experience in web application security auditing including code review.
• 5+ years of experience in threat modeling and threat modeling tools.
• Developer level proficiency in Java and JavaScript.
• In-depth knowledge of common web application vulnerabilities (OWASP Top Ten)
• Strong understanding of web and mobile application security assessment techniques.
• Knowledge of static and dynamic security analysis tools.
• Knowledge of the Security Development Lifecycle (SDLC).
• Ability to deliver technical reports and communicate technical concepts to both non-technical business users as well as technical stakeholders.
• A passion for security.

‍