Salary
💰 $165,000 - $200,000 per year
Tech Stack
AWS, Cloud, DynamoDB, Java, JavaScript, Kotlin, Kubernetes, Linux, MySQL, Node.js, React, Redis, Redux, SDLC, Swift
About the role
Your day-to-day:
- Support in developing and executing a comprehensive product security strategy that aligns with the company's goals and risk appetite.
- Foster a culture of security awareness and ownership across the Engineering and Product organizations.
- Integrate security best practices and automated tooling into the entire Software Development Lifecycle (SDLC), from design and threat modeling to testing and deployment.
- Establish and enforce secure development standards (e.g. API security, secure coding, IaC) and best practices across the organization.
- Oversee the application security program, including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and manual penetration testing.
- Partner closely with engineering, product, and platform teams to prioritize and remediate security vulnerabilities in a timely and efficient manner.
- Establish and manage a mature incident response process for product-related security events and vulnerabilities.
- Partner with engineering, product, and platform teams to enhance Greenlight Application’s security features.
- Stay current with the latest security threats, vulnerabilities, and industry best practices to continuously evolve our security controls and processes.
Requirements
- Deep knowledge of web and mobile application security, common vulnerabilities (OWASP Top 10), and secure coding practices
- Deep technical knowledge of CI/CD pipeline and relevant tools for web and mobile applications
- End-to-end experience implementing and managing tools for Product Security (e.g. API security, mobile protection, SAST, runtime scanning)
- Hands-on experience with security tools for SAST, DAST, IAST, and penetration testing
- Strong understanding of cloud security principles in AWS environments
- Excellent communication skills with the ability to articulate complex security concepts to both technical and non-technical audiences
- Plus: Experience with security tools such as Burp Suite, Metasploit, Kali Linux
- Plus: Background in financial services, fintech, or highly regulated industries
- Plus: Hands-on certifications (e.g. OSCP, Certified Ethical Hacker, SANS) and/or demonstrated code projects. Please share your GitHub or public code samples with us!