Principal Engineer – Product Security

Principal Engineer – Product Security Job Description Template

Our company is looking for a Principal Engineer – Product Security to join our team.

Responsibilities:

  • Work with product development engineering teams to address security findings and negotiate priorities for these to be released;
  • Develop security material (brochures, white papers) for consumption by customers showcasing the security of our products;
  • Lead conversations about security with prospective & current customers alongside the business and sales team;
  • Work with software engineers to design preventative and/or detective controls for specific security issues;
  • Perform threat models of products;
  • Partner with product development engineering teams to ensure that products are “secure from the start” through an Agile Secure Development Lifecycle;
  • Work alongside technical leadership to ensure secure architectural patterns are being used;
  • Provide visibility around product security weaknesses to the business;
  • Work with members of Cyber Defense to integrate security monitoring of products;
  • Work with engineering teams to build reusable security components;
  • Help build, maintain and execute a strategy to secure our customer-facing products;
  • Develop security requirements and stories;
  • Serve as the security SME for product development engineering teams.

Requirements:

  • Expert knowledge of Information Security frameworks and fundamentals including ISO 27001, NIST, the Lockheed Martin Cyber Kill Chain and MITRE ATT&CK-based analytics;
  • Ability to communicate complicated technical issues and risks to engineers, project managers and product managers;
  • A strong understanding of modern development processes including agile development;
  • Experience with design and architecture using modern secure design patterns;
  • Familiarity with security-related certifications such as PCI, ISO 27001;
  • Extensive experience with application security tools like code scanners, dynamic analysis tools;
  • Experience with cloud best practices and security – AWS, GCP, Azure;
  • Strong understanding of public application security projects such as OWASP, BSIMM;
  • Experience in one or more of the following modern languages/frameworks – Node.js, PHP, Java, C#, Python;
  • Strong knowledge of application security topics such as authn, authz, encryption, session management and federation.