Sr. Product Security Leader (Remote)
United States
Nielsen
A global leader in audience insights, data and analytics, Nielsen shapes the future of media with accurate measurement of what people listen to and watch.ABOUT THIS JOB Nielsen, the leading company in advertising measurement and outcomes, is searching for an exceptional candidate to support assigned product lines as a Sr. Product Security Leader. As Nielsen constantly innovates to maintain its leadership in an ever-evolving marketplace, its Sr. Product Security Leader will ensure that Nielsen's platforms and applications are built securely.
The Product Security Leader (PSL) facilitates secure software development and cloud security through strong integration and "shifting left" of best security practices in the DevSecOps lifecycle. This role will identify component and system level technical risks and evaluate critical failure points, determine technical security controls to mitigate risks, and work with cross functional teams to implement features according to product road maps.
A strong candidate for this role will need to maintain a deep understanding of evolving business needs, build a culture of security in software engineering, and partner with DevOps teams to productize scalable security controls.
Responsibilities - Product Security Leader
- The Sr. Product Security Leader will execute Nielsen’s security strategy for our go-to-market products and platforms. In joint collaboration with Product Leadership, DevOps, Engineering, and Data Science teams, the PSL is accountable for building security into assigned product lines including:
- Identification and management of product security risks in the Measurement product portfolio
Job Description
- Working with the devops and systems teams to identify the right security architecture for implementing new solutions, products and modules.
- Development, implementation, and maintenance of a product security strategy for key portions of the Measurement product portfolio including
- Implementation of software security controls including static and dynamic security analysis measures throughout the software development lifecycle.
- Partnership with the Security Operations Center (SOC) to establish visibility, logging, and monitoring capabilities.
- Defining scalable Cloud Security architectural patterns and templates.
- Enhancing Cloud Security posture through tooling, automation, and other means.
- Developing Cyber risk profiles for each Nielsen product in the portfolio that include risk mitigation strategies.
- Ensuring that product teams are effectively and actively managing vulnerabilities throughout the technology stack.
- Providing expert cybersecurity consulting to internal Nielsen teams
Cybersecurity as a Product
- Nielsen is committed to a DevOps culture where best security practices are integrated, understood, and thrive--resulting in true DevSecOps. This is achieved through the utilization of modern technologies to automate security controls. As a Cloud-first organization, we operate and develop in an ecosystem where deployment and CI/CD pipelines can embed security measures that can achieve speed and scalability through technology.
- The Sr. Product Security Leader will lead product security key product lines for Measurement and collaborate with teams to:
- Build “security as code” that prevents and automates away common cloud misconfigurations based upon insights from Cloud Posture Management tools.
- Build “Known Secure” reusable components (such as common authentication, for example) that enable engineering teams to quickly bring products to markets efficiently
Engineering and Developer Partnership
- To effect and maintain a culture of security within Nielsen’s engineering, technology, software development, business and operations teams,
- the Sr. Product Security Leader with the Product Security team must:
- Maintain an open, collaborative, and consultative culture supported by outreach and education.
- Earn trust for not only from internal organizations, but from clients and partners as it pertains to Nielsen’s cybersecurity practices and application security.
- Partner with teams early and proactively.
- Share knowledge and actively bridge relationships into other verticals in the Cybersecurity organization
Qualifications
- BS in a technical discipline with 5-years of experience or equivalent experience without a degree.
- Demonstrated expertise in product/application security architecture, network security, application security, cloud SaaS/PaaS/IaaS.
- Experience with SAST, DAST, SCA and penetration testing tools.
- In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10, IoT Top 10, and CWE Top 25.
- Meaningful experience in multiple programming languages.
- Understanding of application and product architectures, programming languages, web application stacks, and SDLC pipelines.
- Excellent written and verbal communication skills, with the ability to communicate security objectives and concepts to engineering and business teams.
- Strong interpersonal skills; capable of understanding business needs and translating them into architectural standards/diagrams; able to translate complex data and architectural concepts and principles into easily-understanding information by LOBs; ability to design and deliver architectural presentations to IT, senior leadership, and business partners.
- Must have proven experience communicating with, and influencing senior business and technology leaders.
- Bias for action
Preferred Qualifications
- Deep understanding of security for computing platforms across a Hybrid Cloud Environment (IaaS, PaaS, SaaS, legacy on-prem models).
- Industry related certification such as Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Certified Ethical Hacker (CEH), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Security Professional (CISSP) are valued.
- Experience with wireless technologies such as CDMA, E-HRPD, GSM, UMTS, TDS-CDMA, LTE-FDD / LTE-TDD, and 5G experience with Android RIL, Telephony, C and Embedded RTOS.
- General cyber security with sufficient knowledge of modern DevSecOps technologies such as: Containers (Docker, Kubernetes, etc.)Infrastructure as code (Docker, Ansible, Chef, Terraform, etc.)Continuous integration / Continuous Deployment (Jenkins, etc.)Integration of Security testing tools into pipeline. Defect and Issue tracking (Jira, ServiceNow etc.)Source code management (GitLab, Github, BitBucket, etc.)QA Testing tools (nUnit, jUnit, Selenium, Cucumber, etc.)Application security testing tools (SAST, DAST, IAST, OSA, etc.)Cloud Posture Assessment Tools.Cloud configuration Drift Detection.Unix, Linux, and Windows Cloud environment (AWS, Azure, GCP, etc)
Tags: Android Ansible Application security Automation AWS Azure Bitbucket C CEH CI/CD CISA CISM CISSP Cloud CRISC DAST DevOps DevSecOps Docker GCP GitHub IaaS IAST Jira Kubernetes Linux Monitoring Network security OWASP PaaS Pentesting Product security SaaS SAST SDLC Security analysis Security strategy SOC Strategy TDD Terraform UNIX Vulnerabilities Windows
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs
- Open CEH-related jobs
- Open IPS-related jobs