Lead Product Security Engineer
Cox Enterprises
- Draper, UT
- Permanent
- Full-time
- Reporting to the Product Security Director, serves as a member of the Product Security Engineering team
- Works with partner engineering teams to create applications and services that align to the Pproduct Ssecurity mission and goals and in order to create a paved road
- Leverages technology (tools, capabilities, processes) to level up software engineering teams’ secure coding practices and knowledge
- Operationalizes off the shelf application security tools to help engineering teams build, deploy and deliver secure software
- Provide situational white glove service to critical business engineering teams
- Must be able to help engineering teams fix application security defects using a variety of technology stacks
- Promotes incorporation of security processes and practices to make security an organic part of a declarative pipeline model (e.g. CICD practices)
- Communicate process and tool automation improvements to the Product Owner and Product Manager, as opportunities and repeating concerns are observed
- Helps define the team’s tasks and objectives, based on continuing analysis of service requests
- Creates automation solutions to support tool administration and operation
- Consistently exhibits a positive attitude and desire to help the team to succeed
- Design and build monitoring systems for developed automation applications and services
- Participate in On-call rotation with the team (once every 3-4 weeks)
- Consistently meets or exceeds predefined support and services Service Level Objectives (SLOs)
- Executes tasks with minimal supervision
- Bachelor’s Degree; (preferably Computer Science or Cybersecurity) and 6 years' experience in a related field. The right candidate could also have a different combination, such as a master's degree and 4 years'; or a P.h.D. and 1 year of related experience; or 18 years' experience in a related field.
- Proven and demonstrable experience building software applications with technologies like C#, Java
- Proven and demonstrable experience with front end or Javascript frameworks like Typescript and Node.js
- Experience designing and implementing security solutions and processes around application security tools
- Experience administering, maintaining and supporting application security tools and services
- Experience with at least 3 areas of the following application security areas and tooling: cloud, application code, mobile applications, and API.
- Strong cloud infrastructure experience, preferably AWS and Azure
- Solid understanding of DevOps - automated deployments and release orchestration
- Solid understanding of containers and microservice architecture
- A solid understanding and knowledge of the latest cybersecurity threats, current best practices, and related software
- Excellent communication, interpersonal and teamwork skills
- Strong analytical and problem solving skills
- Excellent attention to detail
- Master’s in Cybersecurity or equivalent experience
- Threat modeling
- Fundamental understanding of modern cloud architecture (containerization, databases, message queueing, events, etc.)
- Familiarity with Infrastructure as Code technology such as Terraform
- An understanding of deployment methodologies like Blue/Green, Canary, etc.
- Familiarity with various Cloud monitoring tools (Cloudwatch, New Relic, Splunk)
- Familiarity with networking and network security
- Familiarity with Cloud security tools
- Experience with scalable networking technologies
- Familiarity with standard IT security practices such as encryption, certificates, and key management
- Minimum 1 year of mobile application development experience
- Working knowledge of infrastructure technologies such as OS (Linux and Windows), Network, Database, Server, Storage etc.
- Comfortable with build and deploy tools
- Experience managing, building, debugging and deploying Docker containers and microservice architecture
- Experience in a consulting, services, or platform engineering role