Product Security Engineer
Remote
Applications have closed
The Product Development team at Lula is growing and we are looking to bring on a Product Security Engineer. The role will focus on collaborating closely with the rest of Product Development team to implement a Secure Software Development Lifecycle from planning and design through monitoring and responding in production.
As a member of the team, the Product Security Engineer will be responsible for helping to develop and mature the Application Security Program at Lula.
What you'll be doing:
- Architect and develop cloud-based security capabilities, focusing on Identity and Access Management (IAM), Data Encryption and Protection, Network Security, and Cloud Platform Security. Research emerging security technologies and propose innovative, cutting-edge solutions to improve LULA’s security posture and capabilities continuously
- Serve as a vulnerability management SME
- Create and maintain scan profiles for automation application scanning tools
- Review vulnerability scan results and track closure of vulnerabilities
- Produce and track security metrics
- Support the secure development and testing of critical application areas
- Mentor and educate product development and quality engineers on secure development
- Monitor and review CVEs, industry developments, and provide inputs for continuous improvements
- Work with internal audits, IT Governance, IT Compliance and other key stakeholders on specific projects
- Develop and maintain enterprise security libraries, components, best practice checklists, and perform application security risk evaluation
- Partner with key stakeholders to further enhance application security CI/CD pipeline and continually assess security posture for improvement
What you'll bring:
- Bachelor’s and/or Master’s Degree or equivalent in Information Security, Engineering, Computer Science or related field
- 5+ years of combined Application Development and Security Engineering or Security Architecture experience
- Developer with strong application security acumen, hands-on experience with security design reviews and threat modeling
- Experience using Application Security Code Scanning tools
- Knowledge of secure coding best practices, secure SDLC, secure architecture, and operations
- In depth understanding of OWASP Top 10 Critical Web Application Security Risks, their identification, and architecture, design, coding patterns to mitigate them
- Experience working with security of application developed in .NET, Nodejs, and web (HTML/CSS/JS, Vuejs/React, REST) technologies
- Experience creating and managing policy, processes and procedure documents
- Strong analytical, interpersonal and communication skills
- Ability to train and mentor agile development teams
- Relevant industry security certification preferrred
At LULA, we're a people-first organization that does right by our customers and our employees. In order to build insurance infrastructure that works for all modern businesses, we want LULA to reflect the diversity we're working to serve. We encourage everyone interested in our purpose to apply. We do not discriminate on the basis of race, gender, religion, sexual orientation, age, or any other trait that unfairly targets a group of people.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Application security Audits Automation CI/CD Cloud Compliance Computer Science Encryption Governance IAM Monitoring Network security Node.js OWASP Product security SDLC Vulnerabilities Vulnerability management
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Chief Information Security Officer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open IT Security Engineer jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open APIs-related jobs
- Open CI/CD-related jobs