Get It Recruit - Information Technology · 5 days ago

Product Security Engineer

Irvine, CA

Full-time

Remote

Mid Level

$162K/yr - $221K/yr

3+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

Human Resources Services

Insider Connection @Get It Recruit - Information Technology

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Drive cross-functional projects to establish state-of-the-art security development lifecycle practices.

Lead security design reviews and conduct threat modeling for both new and existing services within our organization.

Evaluate, prototype, implement, and manage security-focused tools and services to enhance our product security posture.

Develop and enforce secure architecture standards, frameworks, and patterns spanning various layers of our products.

Stay abreast of emerging security threats, assessing their relevance to our organization, and proactively implementing centralized mitigations.

Actively participate in security assessment activities, including penetration testing and bug bounty programs.

Contribute to security incident response efforts, ensuring timely resolution and mitigation of security incidents.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Cybersecurity PrinciplesApplication SecurityInfrastructure SecurityOWASP Top 10CWE 25Secure Development LifecycleDevOpsWeb Applications SecurityMicroservices SecurityAPI DesignAccess ManagementAuthenticationEncryptionAwareness CampaignsProgramming LanguagesPythonC#JavaScriptJavaThreat ModelingSecurity DesignCryptographyMobile SecurityCloud ComputingProblem-SolvingCritical ThinkingCollaborationCommunication

Required

Demonstrated technical proficiency in cybersecurity principles and practices.

Solid understanding of common application and infrastructure security vulnerabilities and their mitigations (e.g., OWASP Top 10, CWE 25).

Experience implementing Secure Development Lifecycle processes, technologies, and automation within a DevOps environment.

Proficiency in securing large-scale web applications and microservices, including API design, access management, authentication, and encryption.

Strong problem-solving, critical thinking, collaboration, and communication skills.

Experience driving application security training and awareness campaigns.

Active contribution to the security community through research, open-source projects, or publications.

Familiarity with major programming languages and frameworks (e.g., Python, C#, JavaScript, Java).

Minimum of three (3) years of technical security experience in leading software companies, with expertise in security products, threat modeling, security design, architecture, cryptography, mobile security, and cloud computing technologies.

Bachelor's degree in Computer Science, Engineering, or equivalent experience, with the ability to translate technical vulnerabilities into organizational risks.