Senior Product Security Engineer

Burlington, MA OR US Remote

Applications have closed

Veracode

Veracode's mission is to ensure that software is secure from the start. With our platform you can continuously find and fix security flaws throughout the software development lifecycle. Veracode brings security and development teams together.

Looking for an innovative, high-growth company in one of the hottest segments of the security market? Look no further than Veracode!

Veracode is recognized as a premier provider of SaaS-based application security solutions, transforming the way companies secure applications in today’s software-driven world. We provide our customers with a solid foundation on which to build security into their modern agile development processes. Learn more about us at www.veracode.com!

Description

The Senior Product Security Engineer works with internal product teams to secure Veracode’s product portfolio. A part of the Security Research organization, the Product Security team's primary charter is to help engineering teams throughout Veracode secure their software.

Key Aspects of the Role:

  • Design, implement, and support development team adoption of innovative approaches to Product Security in an agile development process.
  • Assist development teams with tracking, triaging, and addressing security issues revealed by various forms of application security testing.
  • Review internally developed code for basic and advanced security issues as part of an agile development process.
  • Conduct comprehensive security reviews and threat modeling for new and existing software products.
  • Develop, maintain, and document internal libraries that provide common implementations of critical security controls.
  • Lead technical investigations and engineering team response to security advisories, including those for third-party components, as part of a Product Security Incident Response Team.
  • Develop and deliver customized application security training materials for a developer audience.

What You'll Need:

You should love tackling difficult problems, and you should be able to learn new things quickly and independently. You will be asked to understand the security posture and attack surface of products and development frameworks that you’ve had limited experience with. It’s also crucial that you’re an effective communicator, as you’ll collaborate frequently with engineers to guide them in understanding and addressing security issues.

You’ll also need:

  • Expert understanding of fundamental security concepts with a focus on application security in particular.
  • Fluency with the OWASP Top 10 and other common vulnerabilities, in-depth knowledge and understanding of attack and exploit techniques, and ability to define appropriate countermeasures.
  • Compassion for developers. Security and Engineering work together towards common goals at Veracode and not against each other.
  • A “breaker” mentality – Veracode is defense-oriented, but offensive-minded engineers bring a useful and necessary perspective. The ability to assess the unintended behaviors in addition to the intended behaviors of a piece of software is extremely important.
  • Practical application security work experience and/or practical software development experience.
  • A habit of staying current with new and evolving security topics and technologies via formal training and self-directed education.
  • Prototyping ability – the skill to hack something together quick and dirty to solve a problem and demonstrate feasibility.
  • Familiarity with Java/J2EE and modern web development including JavaScript (e.g. AngularJS, React, Node.js, etc.). Familiarity with git, modern CI/CD pipelines, Docker, Kubernetes, Python, and .NET.
  • Strong knowledge of incident response and vulnerability management.
  • Strong analytical skills as proven by a track record of analyzing and fixing complex problems in products and processes.
  • Experience operating and driving projects to completion in a self-directed manner.
  • Experience working effectively in cross-functional teams.
  • Excellent attention to detail and strong communication skills including technical writing.
  • Highly proficient at Microsoft Office; strong analytical skills (Excel or other tools) along with ability to communicate complex findings effectively both verbally and in writing.
  • Bachelor's degree and a minimum of 5 years of experience in a related field or industry such as high tech, software, or a SaaS provider.

Tags: Agile Application security CI/CD Docker Exploit Incident response Java JavaScript Kubernetes Node.js OWASP Product security Prototyping Python SaaS Veracode Vulnerabilities Vulnerability management

Perks/benefits: Startup environment

Regions: Remote/Anywhere North America
Country: United States