Principal Engineer – Product Security Job Description Template
Our company is looking for a Principal Engineer – Product Security to join our team.
Responsibilities:
- Work with product development engineering teams to address security findings and negotiate remediation priorities and release timelines for the fixes;
- Develop security material (brochures, white papers) for consumption by customers showcasing the security of our products;
- Lead conversations about security with prospective & current customers alongside the business and sales team;
- Work with software engineers to design preventative and/or detective controls for specific security issues;
- Perform threat models of products;
- Partner with product development engineering teams to ensure that products are “secure from the start” through an Agile Secure Development Lifecycle;
- Work alongside technical leadership to ensure secure architectural patterns are being used;
- Provide visibility around product security weaknesses to the business;
- Work with members of Cyber Defense to integrate security monitoring of products;
- Work with engineering teams to build reusable security components;
- Help build, maintain and execute a strategy to secure our customer-facing products;
- Develop security requirements and stories;
- Serve as the security SME for product development engineering teams.
Requirements:
- Expert knowledge of Information Security frameworks and fundamentals including ISO 27001, NIST, the Lockheed Martin Cyber Kill Chain and MITRE ATT&CK-based analytics;
- Ability to communicate complicated technical issues and risks to engineers, project managers and product managers;
- A strong understanding of modern development processes including agile development;
- Experience with design and architecture using modern secure design patterns;
- Familiarity with security-related certifications and standards such as PCI DSS and ISO 27001;
- Extensive experience with application security tools such as static code scanners (SAST) and dynamic analysis tools (DAST);
- Experience with cloud best practices and security – AWS, GCP, Azure;
- Strong understanding of public application security resources such as the OWASP projects and BSIMM;
- Experience in one or more of the following modern languages/frameworks – Node.js, PHP, Java, C#, Python;
- Strong knowledge of application security topics such as authentication, authorization, encryption, session management and federation.