← Все вакансии/Senior/tripactions
SeniorOfficePalo Alto, CA or San Francisco, CA

Product Security Engineer

T
tripactions
Зарплата
$11,300–$25,000
Уровень
Senior
Формат
Office
О роли

Описание вакансии

About the company

Navan products security.

Responsibilities
  • Serve as the primary architectural lead for high-priority product security initiatives, ensuring the strategic alignment and timely delivery of impactful programs.
  • Be a key advisor to the overall strategy and roadmap of the Product Security Program.
  • Drive the expansion and maturation of the Navan S-SDLC program across the organization.
  • Review product designs for security defects, perform threat modeling and recommend remediations.
  • Work with engineers to identify the tradeoffs of different solutions and recommend the ideal design to meet security requirements.
  • Design and develop security tools and processes to be leveraged by development teams.
  • Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities.
  • Lead the definition and development of custom Security as Code solutions.
  • Provide training, guidance, and assistance to development teams early in the SSDLC.
  • Cultivate security ownership in the product teams.
  • Bring visibility to product/application vulnerabilities in a consistent manner to enable appropriate prioritization and remediation.
  • Help build the Red Team and PSIRT functions.
Requirements
  • Proven experience performing threat modeling and architecture reviews for complex applications.
  • Proven experience delivering critical org-wide product security initiatives.
  • Proven experience performing application, cloud and mobile penetration testing in high risk environments like financial or healthcare companies.
  • 8-10+ years of Technical Product Security experience with a proven track record of system-wide impact in SSDLC tooling, automation, and threat modeling/attack surface analysis.
  • Proven ability to mentor junior engineers and lead cross-functional initiatives in multifaceted and highly technical organizations.
  • Ability to provide pragmatic security advice for web applications, mobile applications, and cloud software.
  • Experience working in Agile development with experience in technologies such as: Cloud environment (AWS, or similar); Application security testing tools (SAST, DAST, IAST, SCA, or similar); Infrastructure as code (Terraform, or similar); Java Spring Framework (3+ years), Hibernate or similar ORM technologies, JavaScript/CSS, and Angular; Containers (Docker, Kubernetes, or similar); Continuous integration (Jenkins, Github Actions or similar); Integration of Security testing tools into CI pipelines; Defect tracking (Jira,or similar.); Source code management (GitHub, or similar.)
  • In-depth knowledge of common application & network protocols, cryptographic primitives, authentication & authorization protocols, and common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods.
  • Deep knowledge of cloud operational models and secure SaaS architecture in a containerized microservices world.
Conditions
  • Pay Range: $135,000 — $300,000 USD
Стек и навыки

С чем работаем