Product Security Engineer
CZ - Prague
Tricentis
Accelerate software testing to keep pace with Agile and DevOps - with the industry's most innovative automated software testing tools.The Product Security team is seeking a Product Security Engineer to implement secure development practices in a fast-paced, agile development environment. You will be responsible for defining security requirements, adoption and configuration of security tooling and platforms, threat modeling and risk assessment, secure architecture reviews, secure code reviews and security testing. Following a shift-left approach, you will partner closely with product engineering teams. A successful candidate is a self-driven security professional, able to effectively communicate with stakeholders to improve product security posture.
Responsibilities:
Assess security posture of cloud environments of SaaS based products in Azure, identify risks and drive remediation and improvement to address the gaps
Partner with Engineering, DevOps and SRE to integrate secure development practices in each stage of SDLC
Perform threat modeling, security assessments and drive security testing for products
Understanding the Azure cloud adoption framework and security implications of building cloud-based products.
Analyze security issues in products, Cloud environment and applications including triage coordination, tracking and remediation of security incidents
Continuously learn and stay up to date with new technologies, tooling and techniques in cloud and security
Provide consultation and educate developers in SaaS security. Participate in internal security community content and activities.
In order to be considered for this role, you must have:
2+ years of experience in cybersecurity or related field
Solid understanding and experience with Microsoft Azure specifically and cloud computing in general and tooling around cloud security
Solid understanding of DevSecOps principles and CI/CD systems
Understanding of security concepts including common vulnerabilities (OWASP Top 10, SANS 25), secure development practices (code review, threat modeling), security tooling (SAST, DAST, SCA)
Ability to communicate and coordinate with stakeholders remotely
Passion to learn and grow in cybersecurity field. Ability to mentor junior team members
Following is considered a plus:
Recognized industry certifications (CEH, OCSP, GIAC ...)
Experience with governance and security certifications (SOC2, ISO27001, FIPS)
Bsc/Msc degrees or equivalent formal education in cybersecurity or related fields
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Azure CEH CI/CD Cloud DAST DevOps DevSecOps GIAC Governance ISO 27001 OWASP Product security Risk assessment SaaS SANS SAST SDLC Security assessment SOC 2 Vulnerabilities
Perks/benefits: Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.