Staff Engineer 1 - Product Security
Our Product Security team will coordinate our security efforts across our product, engineering and operations departments. This is an opportunity to join a security team that is supported by a strong internal security community. You will help to build an even more secure security product by which we build trust with our customers and deliver superior protection of their endpoints.
As a Senior Principal Software Engineer, you will work with the engineering and operations teams to:
Serve as the Application Security Engineer for Carbon Black products (cloud and on-premises).
Engage with various engineering teams across Carbon Black to perform security reviews of the architecture, design, and code throughout the SDLC process.
Collaborate with engineering teams to perform threat modeling for the proposed architecture.
Perform technical security assessments of existing and new products and work closely with the engineering teams to ensure that findings are addressed.
Work with product architects to provide remediation and potential fixes for security issues found from pen tests and static (SAST) and dynamic (DAST) code analysis, and provide recommendations on remediation.
Provide technical inputs for security evaluations like SOC 2, GDPR, FIPS, Common Criteria and FedRAMP.
Provide remediation recommendations for vulnerabilities in third-party components used within Carbon Black products.
Clearly communicate the security plan, including the risks and controls in place, for key stakeholders.
Apprise senior management of the product security status.
Research security vulnerabilities in current architecture and communicate mitigation strategies to impacted teams.
What You’ll Bring:
BS in Computer Science or equivalent work experience
7+ years as a security architect, providing security support for SaaS/SaaS-like cloud systems
Experience with platforms used to provide security services in SaaS environments for configuration management, authentication, automation and validation
Understanding of code level scanning tools
Strong communication skills preferred
Experience with Docker and container security
Programming experience as a developer in designing and building cloud, web and SaaS products
Knowledge of various security evaluation and compliance frameworks like FIPS, Common Criteria, NIST, SOC 2, GDPR etc.
Experience with crypto, code signing, IAM and threat modeling
Nice to haves
Understanding of kernel level applications
Experience building and automating security testing
Coding expertise in Java
VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.