Product Security Engineer

Remote

Applications have closed

LULA

This is my website description.

View company page

The Product Development team at Lula is growing and we are looking to bring on a Product Security Engineer. The role will focus on collaborating closely with the rest of Product Development team to implement a Secure Software Development Lifecycle from planning and design through monitoring and responding in production.

As a member of the team, the Product Security Engineer will be responsible for helping to develop and mature the Application Security Program at Lula.

What you'll be doing: 

  • Architect and develop cloud-based security capabilities, focusing on Identity and Access Management (IAM), Data Encryption and Protection, Network Security, and Cloud Platform Security. Research emerging security technologies and propose innovative, cutting-edge solutions to improve LULA’s security posture and capabilities continuously
  • Serve as a vulnerability management SME
  • Create and maintain scan profiles for automation application scanning tools
  • Review vulnerability scan results and track closure of vulnerabilities
  • Produce and track security metrics
  • Support the secure development and testing of critical application areas
  • Mentor and educate product development and quality engineers on secure development
  • Monitor and review CVEs, industry developments, and provide inputs for continuous improvements
  • Work with internal audits, IT Governance, IT Compliance and other key stakeholders on specific projects
  • Develop and maintain enterprise security libraries, components, best practice checklists, and perform application security risk evaluation
  • Partner with key stakeholders to further enhance application security CI/CD pipeline and continually assess security posture for improvement

What you'll bring: 

  • Bachelor’s and/or Master’s Degree or equivalent in Information Security, Engineering, Computer Science or related field
  • 5+ years of combined Application Development and Security Engineering or Security Architecture experience
  • Developer with strong application security acumen, hands-on experience with security design reviews and threat modeling
  • Experience using Application Security Code Scanning tools
  • Knowledge of secure coding best practices, secure SDLC, secure architecture, and operations
  • In depth understanding of OWASP Top 10 Critical Web Application Security Risks, their identification, and architecture, design, coding patterns to mitigate them
  • Experience working with security of application developed in .NET, Nodejs, and web (HTML/CSS/JS, Vuejs/React, REST) technologies
  • Experience creating and managing policy, processes and procedure documents
  • Strong analytical, interpersonal and communication skills
  • Ability to train and mentor agile development teams
  • Relevant industry security certification preferrred

At LULA, we're a people-first organization that does right by our customers and our employees. In order to build insurance infrastructure that works for all modern businesses, we want LULA to reflect the diversity we're working to serve. We encourage everyone interested in our purpose to apply. We do not discriminate on the basis of race, gender, religion, sexual orientation, age, or any other trait that unfairly targets a group of people.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Agile Application security Audits Automation CI/CD Cloud Compliance Computer Science Encryption Governance IAM Monitoring Network security Node.js OWASP Product security SDLC Vulnerabilities Vulnerability management

Region: Remote/Anywhere
Job stats:  20  5  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.