Senior Product Security Engineer
Remote
Newsela
Content Aligned To National & State Standard, Flexible To Support Relevant Curriculum. Find the Perfect Piece Of Content For Lessons. Go beyond the book.The role:
- As a Product Security Engineer at Newsela, you will play a pivotal role in ensuring the security of our SaaS products by designing and implementing security controls to protect sensitive data to prevent unauthorized access.
- Ensure compliance with relevant security standards, regulations, and industry certifications (e.g., SOC2, GDPR, HIPAA), while managing requirements gathering and remediation efforts for SOC2 and other security audits.
- Develop security-related documentation, such as policies, procedures, and control mappings, while participating in risk assessments and compliance reviews to identify areas for improvement.
- Champion security awareness and adherence to secure coding practices among development teams and provide guidance and support to internal stakeholders on security best practices and compliance requirements.
- You will work closely with our engineering teams to build advanced detection solutions to help keep systems and information safe and partner closely with our Legal team to conduct complex investigations.
- Collaborate with internal stakeholders and external partners, including vendors and customers, to respond to RFPs about product security and compliance.
- Lead investigations into security incidents by conducting root cause analysis and implementing corrective actions to prevent recurrence.
- Implement security controls and remediation activities to mitigate identified risks and vulnerabilities.
- Monitor and track compliance with security policies and standards, and report on findings to relevant stakeholders.
Why you’ll love this role:
- You’ll be part of an organization solving real challenges in K-12 education, and your role will directly impact Newsela’s product security.
- Your work will shape the future of Newsela’s security practices for our products, which are loved by teachers nationwide, and you’ll work to protect sensitive data and prevent unauthorized access for our customers, teachers and students.
- Your expertise in identifying and mitigating security risks will be essential in safeguarding our customers' data and ensuring compliance with industry standards and regulations.
- Will you empower our developers to securely introduce new features.
- You will lead investigations into security incidents, conducting root cause analysis and implementing corrective actions to prevent recurrence.
Why you’re a great fit:
- 3+ years of experience as a Product Security Analyst, Product Security Engineer, or Security Engineer with proven experience in product security engineering and a focus on SaaS applications.
- Bachelor's degree in Computer Science, Information Security, or related field. Advanced degree or relevant certifications (e.g., CISSP, CISM, CSSLP) preferred.
- Experience working with vendors and customers to respond to RFPs about product security and compliance, and experience working in partnership with Software Development and Legal teams for security compliance.
- Experience with requirements and remediation for SOC2 and other security audits for software as a service.
- Demonstrated coding ability in Python and familiarity with cloud computing platforms (e.g., AWS, Azure, GCP), and associated security controls.
- Strong understanding of web application security concepts, including authentication, authorization, encryption, and secure coding practices.
- Hands-on experience with security tools and technologies, such as vulnerability scanners, penetration testing tools, and SIEM solutions.
- Strong analytical and problem-solving abilities, with a keen attention to detail and a proactive approach to security challenges.
- Proven capacity to assess system security, discern patterns, and delve into intricate issues.
- Proficiency in making data-driven, risk-based decisions.
- Results-driven approach with exceptional interpersonal and communication abilities to effectively engage with technical and non-technical stakeholders.
- Strong empathy towards our customers, including internal developers.
Base Compensation: $120,000 - $136,000. Total compensation for this role also incentive stock options and benefits. This compensation range may be adjusted based on actual experience.
Tags: Application security Audits AWS Azure CISM CISSP Cloud Compliance Computer Science Encryption GCP GDPR HIPAA Pentesting Product security Python Risk assessment SaaS SIEM SOC 2 Vulnerabilities
Perks/benefits: Equity
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs