Apply on Employer Site

Altice USA · 3 months ago

Senior Product Security Engineer - Applications

USA.TX.Plano-Granite Pkwy

Full-time

Onsite

Senior Level

5+ years exp

Altice USA is a leader in the fast-paced world of connectivity, seeking enthusiastic professionals to join their team. As a Senior Product Security Engineer focusing on application security, you will collaborate with engineering and product teams to ensure security is integrated into every product while leading initiatives to implement secure architecture and design principles.

Communications Infrastructure

Responsibilities

Collaborate with engineering and product teams to integrate security and secure-by-default guardrails into the product lifecycle, ensuring that security is a core consideration in all design and development decisions

Conduct Threat Modeling and Risk Assessments from the early stages of the product development lifecycle to identify, assess, and prioritize security risks, enabling proactive mitigation strategies

Perform rigorous security testing and reviews to uncover and address security weaknesses

Lead initiatives automating security processes from the developer workstation to cloud, SaaS, and datacenter environments

Design, build, deploy, and support security-focused solutions across cloud and on-premise footprints

Foster a security-first culture by educating and empowering engineering and product teams through training, awareness campaigns, and mentorship, cultivating a strong security mindset

Stay updated on the latest security threats, vulnerabilities, and technology trends, and proactively implement improvements

Contribute to incident response efforts, investigate root causes, and implement corrective actions to minimize impact and prevent future occurrences

Qualification

Application SecurityThreat ModelingRisk AssessmentsCloud SecuritySecure SDLCSecurity FrameworksProgramming LanguagesCommunication SkillsMentorshipCollaboration

Required

Bachelor's degree in Computer Science, Electrical Engineering, a related field, or equivalent professional experience. Master's degree is a plus

5+ years of combined hands-on experience in software engineering and application and infrastructure security, including securing cloud-based and containerized environments

Demonstrable experience with product and application security concepts, including API, web, and mobile app security

Excellent communication skills, both written and verbal, and the ability to communicate complex security concepts to technical and non-technical audiences, including senior leadership

Proven ability to establish credibility and build trust with engineers and operational staff

Expertise in conducting comprehensive threat modeling and risk assessments to identify and mitigate vulnerabilities

Experience building, deploying, and securing workloads and infrastructure in Google Cloud Platform (GCP)

Experience utilizing and securing AI/ML models and AI-integrated solutions, a general understanding of AI concepts, and a willingness to learn more

Proficient in modern security frameworks, tools, and techniques. Familiarity with security standards and frameworks such as ISO, NIST, OWASP, etc

Proficiency in secure SDLC practices, commercial and open-source security testing tools (SAST, DAST, SCA, fuzzing), container security (Docker, Kubernetes), and cloud security (GCP, AWS, Azure)

Practical experience securing CI/CD pipelines; Infrastructure-as-Code (IaC) tools like Terraform; GitHub and/or Gitlab; artifact management

Strong understanding of both human and non-human identity management, enterprise and consumer authentication standards and use cases, and common protocols including OAuth and SAML

Experience overseeing vulnerability and threat management at the platform and application levels

Strong understanding of cryptography and key management use cases

Proficiency in one or more modern programming languages like Golang, Python, Node, and Java