[TMP] (Senior) Product Security Engineer
Remote -
Netguru
Europe’s finest custom software development company. More than 10 years of experience, over 630 developers and designers specializing in software development, mobile development and product design.Our mission at Netguru is to help entrepreneurs and innovators shape the world through beautiful software. We care about trust, taking ownership, and transparency. As a Certified B Corporation®, we offer a safe, inclusive and productive environment for all team members, and we’re always open to feedback. If you want to work from home and be a full time employee, great! We want to create the right opportunities for you.
Working with Netguru means:
- Consulting for commercial clients
- Building a security strategy for the product based on requirements and an agile development approach;
- Implementation of Security in Software Development LifeCycle (S-SDLC)
- Assessment and hardening of CI/CD pipelines and Cloud-based infrastructures
- Support of project teams in implementing the best security practices in the design, development, and maintenance of web and mobile applications;
- Conducting security audits, assessments of web, cloud-based applications and systems
- Helping with implementation of security supporting tools (i.e. vulnerability scanners, SAST, DAST, Web Application Firewalls, Anti-DDoS IDS/IPS, etc.)
- Performing security incident analysis, response, and remediation for Cloud-based Web Applications;
- Educating other members of project teams;
Requirements
- Experience in applying best security practices in cloud infrastructure with a focus on cloud-native solutions.
- Experience with security in web applications;
- Experience in security assessment of web applications (vulnerability analysis, pentesting tools).
- Good knowledge of the CI/CD process and automation combined with its security assessment;
- Experience in working with SAST, DAST, and/or vulnerability scanners.
- Ability to conduct risk analysis and threat modeling based on known types of vulnerabilities and attacks on web applications.
- Familiarity with tools used in secure software development processes and secure coding practices (eg. OWASP ASVS, Proactive Controls, etc.).
- Good command of written and spoken English (at least B2+).
Nice-to-haves:
- Experience with Linux administration, Docker, and cloud solutions like AWS or Azure
- Experience working with tools such as WAF, VPN, SAST and DAST, vulnerability scanners, patch-level verifiers, etc.
- Experience with development teams;
- Technical security certifications
- Experience in pentesting
- Experience in security for mobile applications
- Good knowledge of containerization (Docker) and container orchestration (Kubernetes) with an emphasis on security
- Thought leadership artifacts (speeches made at meetups, conferences)
- Practical knowledge of security requirements as defined in documents such as GDPR, ISO 27001, HIPAA, PCI-DSS, PSD/PSD2
Benefits
- 100-percent remote work;
- work with an experienced team of developers and continuous development of your hard and soft skills;
- a mentor who will assist you during your first days;
Tags: Agile Audits Automation AWS Azure CI/CD Cloud DAST DDoS Docker Firewalls GDPR HIPAA IDS IPS ISO 27001 Kubernetes Linux OWASP Pentesting Product security PSD2 Risk analysis SAST SDLC Security assessment Security strategy Strategy VPN Vulnerabilities
Perks/benefits: Conferences
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open Windows-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs
- Open EDR-related jobs