Software Product Security Engineer
Celestica
full-time
Posted on:
Location Type: Office
Location: Monterrey • Mexico
Visit company websiteExplore more
About the role
- Works directly with DevOps and Engineering teams to bake security into the Software Development Life Cycle (SDLC)
- Identifies potential attack vectors and suggests mitigations
- Triages bugs found via automated scanners, internal audits, or Bug Bounty programs
- Implements and manages tools like SAST, DAST, and SCA to catch insecure dependencies
- Performs manual 'deep dives' into critical codebases to spot logic flaws that automated tools might miss
- Acts as a subject matter expert when a security flaw is exploited in production
- Leads activities to find ways to bypass the logic to alter 'Recipe' files or production data
- Creates 'Security Champions' programs to teach engineers how to write defensive code
Requirements
- 4 to 6 years typical experience in similar roles
- Proficiency in at least one 'product' language (C# (.Net core), JavaScript, SQL)
- Deep understanding of the OWASP Top 10 (SQLi, XSS, CSRF) and cloud security (AWS/Azure/GCP)
- Experience with Snyk, Checkmarx, Burp Suite, or GitHub Advanced Security
- Familiarity with Docker, Kubernetes, and CI/CD pipelines (Jenkins, GitLab CI)
- Bachelor's Degree or consideration of an equivalent combination of education and experience
Benefits
- Celestica is an equal opportunity employer
- Special arrangements can be made for candidates who need it throughout the hiring process
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
C#JavaScriptSQLSASTDASTSCAOWASP Top 10cloud securityDockerKubernetes
Soft Skills
leadershipcommunicationproblem-solvingcollaborationteaching
Certifications
Bachelor's Degree