Netwitness Software Sr Engineer

Position Overview:

As a Senior Product Security Engineer specializing in SecDevOps, you will be responsible for integrating security into every aspect of the product development lifecycle. You will work closely with cross-functional teams to embed security best practices, automate security processes, and ensure the robustness of our products against emerging threats. This role requires a deep understanding of security principles, DevOps methodologies, and a proactive mindset to anticipate and mitigate security risks effectively.

Responsibilities

• Collaborate with product development teams to integrate security practices into the software development lifecycle (SDLC) from design to deployment.
• Design, implement, and maintain security controls, tools, and processes to automate security tasks and ensure continuous security monitoring.
• Conduct security assessments, code reviews, and penetration testing to identify and remediate vulnerabilities in products and infrastructure.
• Provide guidance and expertise on secure coding practices, encryption, authentication, and access control mechanisms.
• Develop and maintain security documentation, including threat models, security requirements, and incident response plans.
• Stay abreast of emerging security threats, vulnerabilities, and industry best practices to proactively identify and address security risks.
• Perform due diligence on vulnerability management and scanning tools including vendor selection, Proof of concepts etc.
• Participate and facilitate with external vendors on Pentest, security assessments, Common Criteria, SOC2 Type2 engagements.
• Lead security awareness training and education initiatives for development teams to foster a security-first culture.

Qualifications:

• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.
• Extensive experience (8+ years) in product security engineering, with a focus on integrating security into DevOps practices.
• Strong knowledge of secure coding principles, cryptography, network security, and application security.
• Proficiency in scripting and automation using languages such as Python, Ruby, or Bash.
• Basic understanding of Java and C++ programming languages.
• Experience with cloud platforms (e.g., AWS, Azure, GCP) and containerization technologies (e.g., Docker, Kubernetes).
• Familiarity with DevOps tools and practices, including CI/CD pipelines, infrastructure as code (IaC), and configuration management.
• Excellent communication skills with the ability to convey complex security concepts to technical and non-technical audiences.
• Strong knowledge in vulnerability impact analysis and calculating CVSS.
• Knowledge in tools like, Black Duck, Tenable, Semgrep, Trivi, ZAP, BurpSuite
• Knowledge in NIST, CWE, OWASP are plus
• Industry certifications such as CISSP, CISM, or OSCP are a plus.

RSA is committed to the principle of equal employment opportunity for all employees and applicants for employment and to providing employees with a work environment free of discrimination and harassment. All qualified applicants will receive consideration for employment without regard to race, color, and any other category protected by applicable country law.

If you need a reasonable accommodation during the application process, please contact the RSA Talent Acquisition Team at rsa.global.talent.acquisition@rsa.com. RSA and its approved consultants will never ask you for a fee to process or consider your application for a career with RSA. RSA reserves the right to amend or withdraw any job posting at any time, including prior to the advertised closing date.