Jr. Product Security Engineer (Remote)
United States
Nielsen
A global leader in audience insights, data and analytics, Nielsen shapes the future of media with accurate measurement of what people listen to and watch.
Nielsen, the leading company in advertising measurement and outcomes, is searching for an exceptional candidate to build security into our products as a Product Security Engineer. As Nielsen constantly innovates to maintain its leadership in an ever-changing marketplace, this leader will ensure that Nielsen's platforms and applications are built securely.
The Jr Product Security Engineer supports secure software development and cloud security through application of security engineering techniques to improve product security posture. This role will support engagements with product teams focused on identifying component and system level technical risks and evaluating critical failure points. They will determine technical security controls to mitigate risks and work with cross functional teams to implement features according to product road maps.
A strong candidate for this role will need to maintain an understanding of dynamic business needs, laser-focus on clear, tangible outcomes, and partner with DevOps teams to productize scalable security controls.
Product and Platform Security
The Jr Product Security Engineer will serve to help identify security weaknesses in product designs. In joint collaboration with Product Leadership, DevOps, Engineering, and Data Science teams, the Engineer is accountable for delivering high quality security engineering capability including:
Responsibilities
- Conduct application and product security reviews including code reviews.
- Perform vulnerability analysis of applications, operating systems or networks.
- Identify, document, and communicate design flaws in products.
- Provide leadership for application vulnerability scanning and penetration testing remediation.
- Manage integration with vulnerability check tools such as Static and Dynamic Application Security Testing tools.
- Discover security exposures and develop mitigation plans, and also report and fix the technical debt.
- Actively participate in security initiatives with moderate supervision.
- Evolve into a subject matter expert for security solutions within the organization’s platform.
- Contribute to requirement gathering with product teams.
- Work together with cross Business Unit teams on executing standardized security solutions and integrations.
- Partake in inner sourcing initiatives within the organization.
- Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities
Cybersecurity as a Product
- Nielsen is committed to a DevOps culture where best security practices are integrated, understood, and thrive--resulting in true DevSecOps. This is achieved through the utilization of modern technologies to automate security controls. As a Cloud-first organization, we operate and develop in an ecosystem where deployment and CI/CD pipelines can embed security measures that can achieve speed and scalability through technology. The Jr Product Security Engineer will play a supporting role in delivering superior services and collaborate with teams to:
- Support a service delivery strategy for product security evaluation and testing including continuous improvement, quality, and customer satisfaction.
- Provide software/application cybersecurity consulting to internal Nielsen teams.
Engineering and Developer Partnership
- To effect and maintain a culture of security within Nielsen’s engineering, technology, software development, business and operations teams, the Jr Product Security Engineer must:
- Maintain an open, collaborative, and consultative culture supported by outreach and education.
- Partner with teams early and proactively.
- Share knowledge and actively bridge relationships into other verticals in the Cybersecurity organization
Qualifications
- Understanding of software and application security concepts.
- Understanding of software development, DevOps, incident response, digital forensics, reverse engineering, and/or automation.
- Experience or knowledge of utilizing application security tools and techniques.
- Understanding of threat attacks, exploitation and data exfiltration.
- Experience or knowledge of identifying and managing web application and web service security vulnerabilities including those found in the OWASP Top 10, IoT Top 10, and SANS Top 25.
- Understanding of application and product architectures, programming languages, web application stacks, and S-SDLC.
- Excellent written and verbal communication skills, with the ability to communicate security objectives and concepts to engineering and business teams.
- Strong interpersonal skills; capable of understanding business needs and translating them into architectural standards/diagrams; able to translate complex data and architectural concepts and principles into information easily understood by LOBs; ability to design and deliver architectural presentations to IT, senior leadership, and business partners.
- Action-oriented with the ability to set priorities and direction
Preferred Qualifications
- Experience or understanding of product security.
- Service delivery experience in a large product organization.
- Experience or understanding of product/application security architecture, network security, application security, cloud SaaS/PaaS/IaaS.
- Relevant certifications.
- General cyber security expertise with sufficient knowledge of modern DevSecOps technologies such as:
- Containers (Docker, Kubernetes, etc.)
- Infrastructure as code (Docker, Ansible, Chef, Terraform, etc.)
- Continuous integration / Continuous Deployment (Jenkins, etc.)
- Integration of Security testing tools into pipeline.
- Defect and Issue tracking (Jira, ServiceNow etc.)
- Source code management (GitLab, Github, BitBucket, etc.)
- QA Testing tools (nUnit, jUnit, Selenium, Cucumber, etc.)
- Application security testing tools (SAST, DAST, IAST, OSA, SCA etc.)
- Cloud Posture Assessment Tools.
- Cloud configuration Drift Detection
- Unix, Linux, and Windows Cloud environment (AWS, Azure, GCP, etc)