If you are an experienced and hands-on Product Security professional with a passion for cybersecurity, and a desire to lead and actively contribute to securing our digital platforms, we would love to hear from you. Join us in our mission to ensure the security and trustworthiness of our digital platforms and make a positive impact on the learning experience of millions of users.
About the Role:
We are seeking a highly skilled and hands-on individual with 5+ years of relevant experience to join our team as a Lead Product Security Engineer. In this role, you will be a part of our existing Product Security function while actively participating in security testing, vulnerability assessments, and securing our web applications, mobile apps, engineering development environment, cloud infrastructure, and source code repositories for the group. This position requires strong people management skills along with a deep technical expertise in product security and a proactive approach to solving security challenges.
Responsibilities:
- Lead and be hands-on in the Product Security team, providing guidance, mentorship, and support to team members when needed.
- Actively participate in security testing and vulnerability assessments of web and mobile applications.
- Collaborate closely with cross-functional teams to integrate security into business processes and make risk-based decisions considering business impact.
- Drive the implementation of proactive security solutions and best practices across the organization.
- Foster a culture of security by promoting a Secure by Default and Secure by Design approach to product development and infrastructure.
- Develop and execute hands-on DevSecOps programs, including penetration testing, automation, static/dynamic code analysis, threat modeling, and developer training.
- Conduct secure design reviews and contribute to threat modeling exercises.
- Stay up-to-date with the latest security trends, vulnerabilities, and industry best practices.
- Manage relationships with external security vendors, consultants, and stakeholders as needed.
- Collaborate with senior management to develop and implement security strategies, policies, and procedures.
Requirements:
- Previous experience working in a product security function in a high-growth organization.
- Strong technical background and hands-on experience in security testing of web and mobile applications.
- Proven experience in implementing proactive security solutions and integrating security into the software development lifecycle (SDLC)
- Familiarity with secure design review, threat modeling, and testing methodologies such as OWASP.
- Hands-on experience securing cloud infrastructure (AWS) and familiarity with containerization technologies (Kubernetes, Docker).
- Excellent communication and collaboration skills to work effectively with cross-functional teams and stakeholders.
- Professional security certifications such as OSCP, CEH or relevant security credentials are desired.
