Senior Product Security Engineer

At 8x8 Inc. [Nasdaq:EGHT] we put communications at the heart of our business and build technology that allows people to connect anytime, anywhere they are in the world, and on any device. XCaaS - the 8x8 eXperience Communications Platform - brings together Employee and Customer Experience, enabling hybrid workforces across the globe to connect, collaborate, and delight customers, while providing businesses with real-time communications analytics, intelligence and unique insights.
Learn more on our company website at www.8x8.com and follow our pages on LinkedIn, Twitter and Facebook.
At 8x8 we value security and recognize the importance of ensuring the integrity and confidentially of global communications. We are looking for a Senior Product Security Engineer with a passion for security and technology to help us secure our next generation communication platform. This role is responsible for conducting both source code analysis and dynamic security assessments and working with 8x8 technical teams to remediate any identified security issues.

Responsibilities:

• Perform manual penetration testing and source code review to identify complex vulnerabilities
• Participate in product architecture reviews
• Provide guidance and support for security automation within CI/CD processes and procedures
• Collaborate with engineers and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC)
• Assist with researcher engagement in bug bounty program, validation of reports, and drive timely remediation
• Vulnerability management scanning, prioritizing results, identification of responsible stakeholders, and driving resolution within defined SLA targets

Qualifications:

• 5+ years of experience in information security
• Demonstrated enthusiasm for information security (e.g., GitHub repo, blogs, presentations, conference talks, local security association member, etc.)
• Strong knowledge of web protocols
• Web application testing: e.g. Metasploit, BurpSuite, ZAP
• Well versed in OWASP Top 10 and CWE vulnerability classifications
• Knowledge of SQL injection, XSS, RCE, buffer overflows, filter invasion, and other application-layer attacks
• Familiarity with source code analysis products and validation (Github Advanced Security, Coverity, Veracode, Fortify, SonarQube, etc.)
• Excellent communication and interpersonal skills
• Ability to work independently as well as in a team environment

Nice to have:

• Knowledge of SIP, XMPP, or other VoiP communication protocols
• Experience with cloud architecture (AWS, OCI, GCP)

Working at 8x8:

• Industry leading, award winning technology and recognised on two Gartner Magic Quadrants
• Inclusive, supportive and collaborative culture yet with a winning mentality
• Encouragement and environment to make a difference
• Fun – check out our Instagram posts in the UK, Romania and the US, the smiles are real
• Deep passion for doing the best for our customers, giving them the best service and the best technology

Benefits:

• 25 annual leave days. Additional vacation of 1 leave day for every 2 complete years of employment (max. up to 5 days)
• Bank Holidays (Public Holidays) during the weekend, are observed on weekdays
• Participation in the company’s bonus scheme – based on company performance and individual performance
• Private Pension
• Group Life Insurance 
• Private Healthcare
• Meal Tickets
• Telecom allowance
• Newborn allowance
• Christmas and Easter Allowance
• Flexible Benefits Platform
• Employee engagement activities and events
• Learning and training initiatives
• Flexible working schedule
• Employee Stock Purchase Plan

#LI-RO
For a closer look into what life at 8x8 International and the Cluj office look like check out our Instagram page.
8x8 believes diversity makes our company stronger which is why we are a proud equal opportunities employer and encourage all of our staff to bring their authentic selves to work. We believe in fairness and we believe in security so reserve the right to undertake background checks on anyone that we extend an employment offer to.For European Job Applicants our Job Applicant Privacy Notice can be found here.