Product Security Engineer
Think Bigger. Build Smarter. Create Great Software.
Are you a Product Security Engineer looking to work on the project of your career? SmartBear is used by 15 million developers, testers, and operations engineers at 24,000+ organizations. We’re an established company backed by two private equity firms, which means high growth in an Agile environment. We're driven to continue this growth and we want motivated people to help us get there.
Reporting to the Director Information Security, the responsibility of the Product Security Engineer is to be a leader in the delivery of the Application Security program (AppSec). This role will provide technical knowledge and expertise in Secure Software Development Life Cycle practices, working closely with business units, product, development and QA teams to deliver products that are designed, built and tested to be secure.
What you will be responsible for:
The following statements are intended to describe the general nature and level of work to be performed. These are not to be construed as an exhaustive list of all job duties performed by this role.
- Continue to mature the framework, policies, procedures and awareness: Leads the effort to evolve security standards, procedures, and guidelines for multiple platforms, applications and diverse systems environments as well as evaluating existing information security procedures and identifying new areas of risk. Leads the effort to continuously develop, enhance and implement a security training program based on policies.
- Compliance: Identifies regulatory changes that will affect information security policy, standards, and procedures and recommends appropriate changes. Prepares action plans and monitors corrective measures to maintain an adequate level of security to meet audit and regulatory requirements.
- Testing and Remediation: Coordinates the efforts, assists in the responses and tracks the remediation of Information Security Program Assessments and Risk Assessments. Coordinates internal and external audits related to Information Security.
- Disaster Recovery:
- Vendor Reviews: Assists with Vendor Security Risk Assessments to determine which vendors have access to confidential information and performs detailed assessments based on the risk.
- RFP response: Assists with technical answers to RFP requests to accurately respond to customer questions regarding the security of our products and services.
Skills that you will possess in order to succeed:
- 3+ years’ experience building highly scalable applications/systems
- Exposure to and use of automated build processes, source code repository systems and testing suites
- Industry knowledge of application security testing and associated tools, security policies, DR procedures & policies, remediation strategies and risk assessment is required
- Familiar with SQL and NoSQL Databases, and knowledge of when to use each and why.
- Experience with data protection & archiving, disaster recovery, business continuity and implementation
- Ability to create documentation that describes technical details in a meaningful manner
- Ability to work across multiple teams from Infrastructure, Legal, DevOps and Executive Leadership
- Exposure to and use of security incident and event management (SIEM) solutions; experience performing or assisting with security incident response and/or investigation
- Knowledge of industry standards and best practices from organizations such as International Standards Organization (ISO), Center for Internet Security (CIS) and National Institutes of Standards (NIST) is a plus
- Deep understanding of current and emerging threats, vulnerabilities, and attack vectors used to compromise enterprise and critical infrastructure. Prior experience in developing mitigation strategies to combat those risks is required
- Experience evaluating enterprise network and system architectures to determine recommended security improvements for development environments and deployments.
Education Requirements:
- BS in Computer Science or IT related field required
About SmartBear
At SmartBear, we focus on your one priority that never changes: quality. We know delivering quality software over and over is complicated. So our tools are built to streamline your process while seamlessly working with the products you use – and will use. Whether it’s TestComplete, Swagger, Cucumber, ReadyAPI, Zephyr, or one of our other tools, we span from test automation, API lifecycle, collaboration, performance testing, test management, and more. Whichever you need, they’re easy to try, easy to buy, and easy to integrate. We’re used by 15 million developers, testers, and operations engineers at 24,000+ organizations – including world-renowned innovators like Adobe, JetBlue, FedEx, and Microsoft. Wherever you’re going, we’ll help you get there. Learn more at smartbear.com, or follow us on LinkedIn, Twitter, or Facebook.
SmartBear is an equal employment opportunity employer and encourages success based on our individual merits and abilities without regard to race, color, religion, gender, national origin, ancestry, mental or physical disability, marital status, military or veteran status, citizenship status, age, sexual orientation, gender identity or expression, genetic information, medical condition, sex, sex stereotyping, pregnancy (which includes pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), or any other legally protected status.