Principal Product Security Engineer

Our Product Security team is seeking a Principal Product Security Engineer to define and lead a secure development strategy and approach in a fast-paced, agile development environment. You will be responsible for defining and driving security-related initiatives in collaboration with internal stakeholders. You will bring a wealth of technical expertise and industry experience spanning application security, cloud security, DevSecOps and CI/CD. The ideal candidate for this role has extensive industry experience with a strong technical background, is self-driven, with the ability to translate business objectives into technical requirements. 

Responsibilities: 

·       Drive security roadmap for SSDLC adoption across product portfolio, designing security practices in alignment with DevSecOps principles 

·       Establish guidelines and architectural principles based on industry best practices for both cloud-native and on-premise solutions 

·       Develop and implement comprehensive approach to addressing security risks in AI based technologies, including frameworks, tools and processes 

·       Partner with Engineering, DevOps and SRE and collaborate on cross functional initiatives 

·       Propose and drive organization-wide security initiatives aligned with business goals 

·       Provide technical guidance to associates in security and engineering as necessary 

To be considered for this role, you must have:

·       10+ years of progressive experience in information security including technical leadership roles 

·       Extensive experience with secure software development lifecycle, security testing, vulnerability management 

·       Experience with cloud technologies (AWS, Azure), security testing and automation (SAST, DAST, SCA), and AI/ML technologies 

·       Deep understanding of DevSecOps principles and agile development 

·       Knowledge of secure architecture and design principles, industry standards (NIST SSDF, OWASP) and security best practices 

·       Ability to formulate strategic concepts, propose security solutions and communicate effectively to both technical staff and non-technical stakeholders. 

To be considered for this role, you must have at least two of the following:

·       Recognized industry certifications (CISSP, CSSLP, CISM, etc.) 

·       Participation in recognized industry working groups focused on information security 

·       Experience with governance and security certifications (SOC2, ISO27001, FIPS) 

·       Bsc/Msc degrees or equivalent formal education in cybersecurity or related fields

Tricentis Core Values
Knowing what we need to achieve and how to achieve it is important. Tricentis core values define our ways of working and the behaviors we model that create an enjoyable and successful Tricentis life.
 

·       Demonstrate Self-Awareness: Own your strengths and limitations.

·       Finish What We Start: Do what we say we are going to do.

·       Move Fast: Create momentum and efficiency.

·       Run Towards Change: Challenge the status quo.

·       Serve Our Customers & Communities: Create a positive experience with each interaction.

·       Solve Problems Together: We win or lose as one team.

·       Think Big & Believe: Set extraordinary goals and believe you can achieve them.

We offer:

·       Competitive salary + bonus

·       Favorable working atmosphere in a rapidly expanding company

·       Hybrid work environment

·       Personal and professional development

·       Variety of career opportunities and a wide range of tasks

·       Exciting office events and welfare activities. Join us for a rewarding work experience!

Tricentis is proud to be an equal opportunity workplace. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran.