Lead Product Security Engineer

Cox Enterprises

  • Draper, UT
  • Permanent
  • Full-time
  • 2 months ago
Company: Cox Automotive - USAJob Family Group:Engineering / Product DevelopmentJob Profile: Lead Software EngineerManagement Level: Manager - Non People LeaderTravel %: Yes, 5% of the timeWork Shift: Day (United States of America)Job Description:The Lead Product Security Engineer holds an engineering leadership role that drives the development of process and automation solutions around our application security tools. This individual will guide the team to contribute to these initiatives with quality in mind. They will also guide technical and security engineering discussions within the team, and will be seen as an authority on secure coding, secure infrastructure, and secure design best practices. They will help to imagine and shape the systems and process flows on incorporating security organically into the engineering teams’ day to day workflows.This engineer will work with AWS and other cloud technologies as well as a variety of commercial and open source security products and frameworks. While this is an individual contributor role, you’ll be involved in many aspects – help evolve our existing architecture, reduce complexity, work with engineering teams to improve operations, and implement and operationalization new security tooling, as needed. Beyond automation of onboarding or usage of our application security tools, we strive for continuous improvement of processes and the integration of best practices. We’re looking for someone who has an interest in application security, cloud technologies and a passion to help the organization create secure-by-default world-class software.Key Responsibilities:
  • Reporting to the Product Security Director, serves as a member of the Product Security Engineering team
  • Works with partner engineering teams to create applications and services that align to the Pproduct Ssecurity mission and goals and in order to create a paved road
  • Leverages technology (tools, capabilities, processes) to level up software engineering teams’ secure coding practices and knowledge
  • Operationalizes off the shelf application security tools to help engineering teams build, deploy and deliver secure software
  • Provide situational white glove service to critical business engineering teams
  • Must be able to help engineering teams fix application security defects using a variety of technology stacks
  • Promotes incorporation of security processes and practices to make security an organic part of a declarative pipeline model (e.g. CICD practices)
  • Communicate process and tool automation improvements to the Product Owner and Product Manager, as opportunities and repeating concerns are observed
  • Helps define the team’s tasks and objectives, based on continuing analysis of service requests
  • Creates automation solutions to support tool administration and operation
  • Consistently exhibits a positive attitude and desire to help the team to succeed
  • Design and build monitoring systems for developed automation applications and services
  • Participate in On-call rotation with the team (once every 3-4 weeks)
  • Consistently meets or exceeds predefined support and services Service Level Objectives (SLOs)
  • Executes tasks with minimal supervision
Qualifications:
  • Bachelor’s Degree; (preferably Computer Science or Cybersecurity) and 6 years' experience in a related field. The right candidate could also have a different combination, such as a master's degree and 4 years'; or a P.h.D. and 1 year of related experience; or 18 years' experience in a related field.
  • Proven and demonstrable experience building software applications with technologies like C#, Java
  • Proven and demonstrable experience with front end or Javascript frameworks like Typescript and Node.js
  • Experience designing and implementing security solutions and processes around application security tools
  • Experience administering, maintaining and supporting application security tools and services
  • Experience with at least 3 areas of the following application security areas and tooling: cloud, application code, mobile applications, and API.
  • Strong cloud infrastructure experience, preferably AWS and Azure
  • Solid understanding of DevOps - automated deployments and release orchestration
  • Solid understanding of containers and microservice architecture
  • A solid understanding and knowledge of the latest cybersecurity threats, current best practices, and related software
  • Excellent communication, interpersonal and teamwork skills
  • Strong analytical and problem solving skills
  • Excellent attention to detail
Preferred:
  • Master’s in Cybersecurity or equivalent experience
  • Threat modeling
  • Fundamental understanding of modern cloud architecture (containerization, databases, message queueing, events, etc.)
  • Familiarity with Infrastructure as Code technology such as Terraform
  • An understanding of deployment methodologies like Blue/Green, Canary, etc.
  • Familiarity with various Cloud monitoring tools (Cloudwatch, New Relic, Splunk)
  • Familiarity with networking and network security
  • Familiarity with Cloud security tools
  • Experience with scalable networking technologies
  • Familiarity with standard IT security practices such as encryption, certificates, and key management
  • Minimum 1 year of mobile application development experience
  • Working knowledge of infrastructure technologies such as OS (Linux and Windows), Network, Database, Server, Storage etc.
  • Comfortable with build and deploy tools
  • Experience managing, building, debugging and deploying Docker containers and microservice architecture
  • Experience in a consulting, services, or platform engineering role
Drug Testing: To be employed in this role, you’ll need to clear a pre-employment drug test. Cox Automotive does not currently administer a pre-employment drug test for marijuana for this position. However, we are a drug-free workplace, so the possession, use or being under the influence of drugs illegal under federal or state law during work hours, on company property and/or in company vehicles is prohibited.About Us: Through groundbreaking technology and a commitment to stellar experiences for drivers and dealers alike, Cox Automotive employees are transforming the way the world buys, owns, sells – or simply uses – cars. Cox Automotive employees get to work on iconic consumer brands like Autotrader and Kelley Blue Book and industry-leading dealer-facing companies like vAuto and Manheim, all while enjoying the people-centered atmosphere that is central to our life at Cox. Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page. Cox is an Equal Employment Opportunity employer – All qualified applicants/employees will receive consideration for employment without regard to that individual’s age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.

Cox Enterprises