Apply on Employer Site

Wind River · 2 weeks ago

Member of Technical Staff -Product Security

Troy, MI

Full-time

Onsite

Senior Level, Lead/Staff

$165K/yr - $206K/yr

8+ years exp

Wind River is a global leader in delivering software for mission-critical intelligent systems. The Member of Technical Staff for Product Security will focus on implementing modern DevSecOps technologies and pioneering new security tools and processes for cloud-native solutions.

Developer ToolsHardwareOperating SystemsProject ManagementSoftware

Growth Opportunities

No H1B

U.S. Citizen Only

Responsibilities

Secure application on OnPrem and Public Cloud environments leveraging IAC

Establish, implement security policies for Docker, K8s and Public Cloud Platforms

Implement and automate Application Security policies by embedding SAST, DAST, API Security and Penetration Testing in the product development workflow

Accelerate container security with pipeline development

Drive vulnerability management and remediation in partnership with various product teams

Manage and maintain secure integrations between tools like Gitlab, Jenkins, JIRA, and many more

Implement solutions for event log collection and SIEM

Qualification

Application SecurityDevSecOps principlesCloud security architectureVulnerability managementProgramming PythonProgramming GoPipeline automationInfrastructure as CodeSecurity penetration testingCybersecurity principlesAgileScrumProblem-solving skillsCommunication skillsTeam playerGrowth mindset

Required

Experience in securing cloud-native development environments

Strong technical and communication skills

Desire to learn new technologies and their application

Expertise in Application Security, network design, back-end security-enhancing features

Deep knowledge of application vulnerability management, remediation, and troubleshooting skills

Hands-on experience using tools like Coverity, BurpSuite, ZAP, Trivy, PRISMA Cloud, Tenable, Rapid7 etc

Excellent programming skills using Python, Go etc

Proficiency in pipeline automation leveraging Gitlab, Jenkins, Jira etc

Strong foundation of DevSecOps principles, Infrastructure as Code including Terraform and Helm, Container and Cluster hardening

Good exposure to cybersecurity principles with a desire to increase knowledge

Experience in Architecting and delivering security features on cloud providers (Azure AWS, GCP etc.), On Prem and Hybrid environments

Industry standards-based documentation, certification, and accreditation such as NIST SP 800-53, NIST 800-171, FEDRAMP, and Security Technical Implement Guides (STIGs)

Self-managed, fast learner, and strong problem-solving and analytical skills

Excellent verbal and written communication skills and a good listener

Exceptional team player who works well in collaborative situations

Ability to brainstorm and represent competing ideas simultaneously

Growth mindset who is passionate about learning and applying new technologies

8+ years of relevant technical experience in cybersecurity with 2+ years of experience in software engineering

BS / MS degree (Computer Science, Electronics Engineering, or equivalent technical degree)