Senior Product Security Engineer
Outreach.ioThe Outreach Sales Engagement Platform helps efficiently and effectively engage prospects to drive more pipeline and close more deals. Request a demo…
About The Team
Do you have a passion for securing cloud-native environments? Are you interested in creating and defining industry-leading standards and patterns? Would you like the opportunity to work with a world class engineering team, to train, mentor, and grow a security oriented development culture? Outreach’s needs Sr. Product Security Engineers who can work with our product engineering teams to create security features and functions, as well as set the standards and direction for our cloud-native, continuous-deployment application security program.
The ideal candidate has the skills of an application security engineer, with a background in development or engineering as well as deep understanding of application security vulnerabilities and mitigations. However, this is a role focused on building, rather than breaking -- instead of penetration testing and security review, this role focuses on researching current security threats and mitigations, and finding ways to apply those to our service portfolio and Secure Development Lifecycle. The ideal candidate enjoys talking to customers and will take ownership of the ongoing improvement of the processes and technical security controls used by our engineering teams to securely develop industry leading products, while also driving security-related product feature work.
Starting day one, you will be working with product managers and engineering partners from across our organization, and at times, directly with our customers. You will help train and collaborate with PMs and engineers to design and implement the processes into our CI/CD pipeline to reduce the chance of vulnerabilities in our production code. You will help develop a mix of technical/engineer focused training and awareness materials, contribute to coding standards, and produce position papers and technical specifications for security mitigations and features.
The primary focus areas for this position are:Technical Fluency - A passion for security and technology, familiarity with DevOps methodology and containers, SaaS and cloud security solutions and standards, and microservice architectures.
Advisory Skills - Giving direction, advice and support that helps grow the technical and collaboration skills of the individuals and teams with which they engage.
Execution - Planning, coordination, managing dependencies and risks, diving deep when issues arise. Ability to work with people and drive a program to completion is a must.
Location: This role is in London (hybrid or remote).
Your Daily Adventures Include
- Develop, document and manage the security standards and design patterns used by all engineers to deliver consistent, secure features and code.
- Research the threat landscape, regulatory considerations, and customer requirements applicable to Outreach’s business and recommend security solutions to address known (and potential) threats and risks by identifying and implementing appropriate engineering security requirements.
- Participate in customer calls to both partner and educate on how to best secure the Outreach platform.
- Conducting Threat Models and training engineers to use threat modeling concepts and other standard evaluation practices to identify and prioritize risk potential vulnerabilities and in collaboration define possible mitigations.
- Ensuring cross company collaboration by establishing a strong partnership between security and engineering teams with the overarching goal of improving trust of Outreach and its products.
Our Vision Of You
- A minimum of 3 years experience as a senior or principal application security engineer or architect
- Extensive information security development program experience including the threat models, secure coding best practices, finding vulnerabilities and secrets in code, and coordinating appropriate remediations in a cloud native SaaS environment. Knowledge of the modern application vulnerability and mitigation landscape is essential.
- Experience creating reference architectures, engineering specs, and data flow diagrams - experience building customer-facing content a plus.
- Experience performing code review for security vulnerabilities.
- Demonstrated success working with engineers and technologies in cloud native, devops environments (including CI/CD pipelines, microservices, and infrastructure as code).
- Significant experience in partnering and collaborating with individual engineers, as well as creating formal documentation assets to summarize and represent program effectiveness to executive leadership.
- Experience evaluating, selecting and implementing third party programs and services to support a successful SDL program.
- Experience training and mentoring peers with application security skills and best practices.
- Excellent interpersonal and management skills.
- Strong written and verbal communication skills --experience working with customers, customer marketing or customer support teams a plus.
- Ability to work flexibly and independently to achieve results within the dynamic Outreach culture.
● Highly competitive salary● Amazing open area working space with a gorgeous rooftop in the heart of Shoreditch● Hybrid working policy● Dog friendly office● 25 days holiday + 8 bank holidays + 12 Refresh Days*● *1 personal refresh day off per month for mental health awareness, according to the schedule of the department [play full out / rest full out]● Outreach contributes with monthly contribution towards your pension● Private medical care for employee and spouse/family with Program Health Plus● Cashplan is offered through Medicash to help offset out of pocket medical related expenses● Dental coverage● Life insurance at 4x annual salary● 16 weeks of annual top up maternity leave pay or 12 weeks of fully paid paternity leave● Upon return to work from parental leave, parents will receive a stipend to use for doula and food delivery to be used in the first six months after birth● Opportunity to be part of company success via equity programme● Company-organised and personal paid volunteer days to support the community thatsupports us● Diversity and inclusion programs that promote employee resource groups like OWN(Outreach Women’s Network), AAPI, Rainbow (LGBTQIA+), Gender+, LatinX, OBX (Outreach Black Excellence), Disability Community, and Veterans● Employee referral bonuses to encourage the addition of great new people to the team● Fun company and team outings because we play just as hard as we work
* Salary range is an estimate based on our salary survey at salaries.infosec-jobs.com
Other jobs like this
Detection and Response, Security EngineerAndroid Automation Forensics Incident response iOS Linux Machine Learning MacOS Malware Network security +3
401(k) matching Career development Competitive pay Fertility benefits Flex vacation +7
Engineering Manager - Application SecurityApplication security Audits Automation Incident response Monitoring Penetration testing R&D Risk assessment Security assessments SIEM +3
Career development Competitive pay Equity Flex hours Flex vacation +5
Explore more Cyber Security career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cybersecurity in general, filtered by job title or popular skill, toolset and products used.
- Open Senior DevSecOps Engineer jobs
- Open Penetration Tester jobs
- Open Security Operations Analyst jobs
- Open Senior Security Analyst jobs
- Open Application Security Engineer/Architect jobs
- Open Senior Infrastructure Security Engineer jobs
- Open Head of Information Security jobs
- Open SOC Analyst jobs
- Open Offensive Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Lead Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Information System Security Officer (ISSO) jobs
- Open Sr. Security Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Information Security Analyst jobs
- Open Cloud Security Operations Lead jobs
- Open Security Engineer II jobs
- Open Cloud Security Automation Specialist jobs
- Open Senior Threat Intelligence Analyst jobs
- Open Security Consultant jobs
- Open Incident Response Manager jobs
- Open GCP-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open Analytics-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Audits-related jobs
- Open Clearance-related jobs
- Open PCI-related jobs
- Open Agile-related jobs
- Open Threat intelligence-related jobs
- Open OWASP-related jobs
- Open Forensics-related jobs
- Open IDS-related jobs
- Open CISM-related jobs
- Open Ruby-related jobs
- Open Governance-related jobs
- Open DevSecOps-related jobs
- Open CISA-related jobs
- Open Open Source-related jobs
- Open ISO 27001-related jobs
- Open Encryption-related jobs
- Open Security assessments-related jobs
- Open GDPR-related jobs