Senior Product Security Engineer - Secure Design and Development
CZ - Prague
Applications have closed
Tricentis
Accelerate software testing to keep pace with Agile and DevOps - with the industry's most innovative automated software testing tools.The Product Security team is seeking a Senior Product Security Engineer to implement secure development practices in a fast-paced, agile development environment. You will be responsible for defining security requirements, adoption and configuration of security tooling and platforms, threat modeling and risk assessment, secure architecture reviews, secure code reviews, and security testing. Following a shift-left approach, you will partner closely with product engineering teams. A successful candidate is a self-driven security professional, able to effectively communicate with stakeholders to improve product security posture.
Responsibilities:
Partner with Engineering, DevOps and SRE to integrate secure development practices in each stage of SDLC.
Perform threat modeling, security assessments and drive security testing for products.
Analyze security issues and coordinate triage, tracking and remediation of security incidents.
Continuously learn and stay up to date with new technologies, tooling and techniques in cloud and security.
Provide consultation and educate developers in software security. Participate in internal security community content and activties.
In order to be considered for this role, you must have:
4+ years of experience in cybersecurity or related field
Deep understanding and experience with secure architecture reviews, threat modeling and/or risk assessments
Solid understanding of DevSecOps principles and CI/CD systems
Understanding of security concepts including common vulnerabilities (OWASP Top 10, SANS 25), Secure development practices, and security tooling (SAST, DAST, SCA)
Ability to communicate and coordinate with stakeholders remotely
Passion to learn and grow in cybersecurity field. Ability to mentor junior team members
The following is considered a plus:
Recognized industry certifications (CEH, OCSP, GIAC ...)
Experience with governance and security certifications (SOC2, ISO27001, FIPS)
Bsc./Msc. degree or equivalent formal education in cybersecurity or related fields
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile CEH CI/CD Cloud DAST DevOps DevSecOps GIAC Governance ISO 27001 OWASP Product security Risk assessment SANS SAST SDLC Security assessment SOC 2 Vulnerabilities
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.