Product Security Engineer

Pool4Tool

Odgovara na prijave

Belgrade or Novi Sad

online intervju

20.08.2020.

Cloud Agile intermediate

JAGGAER is the world’s leading provider of comprehensive spend management solutions with 2,000 customers connected to a network of 3.7 million suppliers in 70 countries, served by offices located in North America, Latin America, throughout Europe, the United Kingdom, Australia, Asia and the Middle East. JAGGAER offers complete SaaS-based Source-to-Pay solutions with advanced capabilities and embedded intelligence to transcend the customer experience and simplify the complex enabling unparalleled adoption and customer outcomes. JAGGAER has pioneered spend solutions for over two decades and continues to lead the innovation curve by listening to customers and analyzing the market. Our solution suites are trusted by the world’s largest manufacturing, education, healthcare, pharmaceutical, retail, consumer package goods, transportation & logistics, business services, construction, utility companies, and public service organizations. www.JAGGAER.com

PRODUCT SECURITY ENGINEER (m/f)

This is a position in our offices in Belgrade or Novi Sad, whatever location is better for you.

The Product Security Engineer acts as the subject matter expert and supports all areas of product cybersecurity including secure by design strategies, risk management, testing, training, and incident response.

Summary of Responsibilities:

Advise product development teams regarding the implementation of cybersecurity controls, the design of security-related features, and the delivery of cybersecurity regulatory requirements.
Lead the security testing efforts of the products. This includes the defining the scope, selecting the vendor or tool, scheduling and timing of testing, and interpreting the results.
Lead the effort of building the cybersecurity knowledge within the product teams by identifying knowledge gaps and working with the Product Development Teams to provide necessary training.
Take lead on all Product Security Incident Response including the identification of affected products, assignment of severity, root cause analysis, and tracking mitigation efforts
Advise and ensure accuracy of external communications related to product security and assist with customer product security questions.
Familiarity with SAST, DAST, and OSS scanning tools.
Familiarity with CI/CD methodologies and toolsets.
Solid understanding of common software and web application security vulnerabilities.
Knowledge of crypto primitives, authentication protocols, and authorization standards (Eg: SSL/TLS, SAML, OAuth, JWT tokens), and implementation within most major cloud providers.
Ability to find, evaluate, and remediate common vulnerabilities (CVEs) In firmware, software, and configurations
Collaborate with developers and infrastructure teams to remediate vulnerabilities
Act as a subject matter expert for incident remediation and security related architecture decisions
Identify new and emerging security tools and practices for implementation
Proactively support and engage to build an audit infrastructure in support of compliance

Position Requirements:

Five years of meaningful agile software development experience.
Strong understanding of security assurance methodologies and technologies, such as secure coding standards, static and dynamic security testing, and secure software development life cycles.
Knowledge of Product Security frameworks [BSIMM, OpenSAMM]
Strong understanding of large scale data computation, encryption, security, and privacy in hybrid environments spanning on premise and cloud infrastructure.
Expertise in programming and scripting languages
Security community contributions such as scientific publications, public CVEs, bug-bounty recognition, open source tools, or blogs are useful.
Experience in applying OWASP Top 10 and other industry standard software hardening practice
Bachelors or Masters in Computer Science or Engineering with an emphasis in Computer Security or a related field, or equivalent experience.