Product Security Engineer - Lead

Pittsburgh, PA, US

TeleTracking

At TeleTracking, we build solutions to coordinate care and improve workflows so your healthcare system can focus on the most important part - your patients.


Job Summary

The Lead Product Security Engineer will work closely with software development teams to build secure products, ensuring security controls are available by default, and educating stakeholders on best practices and standards. You will be focused on areas such as Application Security, Vulnerability Management, Secure Architecture and Coding, Penetration Testing and Cloud Security. The Lead Product Security Engineer will also participate in security reviews and threat modeling exercises. As the Lead Product Security Engineer, you will play a key role in finding creative ways to solve complex problems using an automation first mindset.

Primary Duties and Responsibilities:

•    Conduct thorough technical security assessments, perform security architecture reviews, threat modeling, and vulnerability assessments, and provide expert security opinion to minimize risk in TeleTracking’s products and SDLC.

•    Perform vulnerability and penetration testing, emphasizing automation for testing and remediation.

•    Drive healthcare regulatory compliance with product, platform, and development lifecycles.

•    Perform security log analysis and security alert analysis; perform risk assessments.

•    Partner with software development teams to identify and solve complex security problems.

•    Maintain and create secure development practices and programs for our software development teams.

Education:

•    Degree in Information/Cybersecurity, Computer Science, or equivalent.

•    Security certification(s) such as CISM, CySA, PNPT, Pentest+, CEH, CISSP are a plus.

Experience:

•    7+ years of cybersecurity experience with a deep background in application programming.

•    5+ years of software development experience with a security focus.

•    Technical and analytical expertise, including threat modeling, vulnerability testing, cryptography, and proficiency in software development (Java, JavaScript, Python, C#/.NET, Go (Golang), etc.).

•    Strong experience penetration testing application vulnerabilities using a variety of methods, including development of exploits.

•    Experience with cloud security technologies, such as Azure and AWS.

•    Experience with containerization and container security, such as Docker and Kubernetes.

•    Experience in implementing, using, and managing Infrastructure as Code tools such as Terraform.

•    Experience with identifying and supporting the remediation of software supply chain risks.

•    Experience in implementing, using, and managing application security testing tools.

•    Familiarity with commonly used secure software development lifecycle maturity frameworks.

•    DevOps and Software engineering experience is a plus.

Skills:

•    Strong understanding of web application security, secure software design, and secure coding practices.

•    Strong understanding of secure architecture and development concepts.

•    Proficiency in designing and implementing security controls for microservices, such as API gateways, service meshes, and container security.

•    Strong in both upward and downward communication of security updates and reports.

•    Familiarity with OWASP Top 10 and CWE Top 25 Most Dangerous Software Weaknesses.

Work Environment:

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable qualified individuals with disabilities to perform the essential functions. The term "qualified individual with a disability" means an individual with a disability who, with or without reasonable accommodation, can perform the essential functions of the position.

While performing the duties of this job, the employee is regularly required to communicate professionally in person, over the telephone, through email and other electronic means, move about the office, handle various types of media and equipment, and visually or otherwise identify, observe, and assess. The employee is occasionally required to lift up to 10 pounds unless otherwise specified in the job description.

TeleTracking has a COVID-19 vaccination policy which mandates vaccination for certain positions or an approved exemption due to religious or medical reasons. Any accommodation request will be objectively considered in accordance with the Federal, State, and Local laws on a case-by-case basis.

TeleTracking is committed to providing equal employment opportunity to all people in all aspects of the employment relationship, without discrimination because of race, age, sex, color, religion, national origin, disability or status as a Vietnam era or special disabled veteran or any other unlawful basis, as defined by applicable law, and fostering a workplace free of unlawful discrimination and retaliation. This policy affects decisions including, but not limited to, hiring, compensation, benefits, terms and conditions of employment, opportunities for promotion, transfer, layoffs, return from a layoff, training and development, and other privileges of employment.

An integral part of TeleTracking’s commitment is to comply with all applicable federal, state, and local laws concerning equal employment and affirmative action.



Tags: APIs Application security Automation AWS Azure C CEH CISM CISSP Cloud Compliance Computer Science Cryptography DevOps Docker Exploits Golang Java JavaScript Kubernetes Log analysis Microservices OWASP Pentesting Product security Python Risk assessment SDLC Security assessment Terraform Vulnerabilities Vulnerability management

Region: North America
Country: United States
