Product Security Engineer, Senior
APAC - India - Pune
TraceLink
Embrace the potential of your supply chain on the largest network for pharma and healthcare. End-to-end supply chain visibility. DSCSA compliance. Drug shortage prediction.
Company overview:
TraceLink’s software solutions and Opus Platform help the pharmaceutical industry digitize their supply chain and enable greater compliance, visibility, and decision making. It reduces disruption to the supply of medicines to patients who need them, anywhere in the world.
Founded in 2009 with the simple mission of protecting patients, today TraceLink has 8 offices, over 800 employees and more than 1300 customers in over 60 countries around the world. Our expanding product suite continues to protect patients and now also enhances multi-enterprise collaboration through innovative new applications such as MINT.
TraceLink is recognized as an industry leader by Gartner and IDC, and for having a great company culture by Comparably.
As part of the Security team, the Senior Product Security Engineer will support and advance the security of TraceLink’s applications. Working closely with Product, Cloud Operations, Services, and others in the Security team, this role will focus on driving increased maturity of security-related processes throughout the SDLC. This individual will serve as a Security Subject Matter Expert for priority products, conducting security assessments (hacking), developing automation, improving processes, managing vulnerabilities discovered by tooling, maintaining automated tooling, and developing and delivering training.
Responsibilities
● Provide guidance to teams on security best practices throughout the SDLC
○ Secure architectures and requirements
○ Threat modeling
○ Secure coding practices
○ Manual and automated code reviews
○ Analyze results from automated tools
○ Security assessments / white box testing
● Join in regular security assessments of our products
● Continually drive further maturity across TraceLink processes
● Support efforts to address identified security issues
● Assist with maintaining, operating, and optimizing security testing tools such as SAST, SCA, and DAST
● Maintain a high expertise level of the application security landscape and new threat vectors
● Develop and support security needs of TraceLink’s partner program
Skills and Qualifications
● 8 years experience with securing cloud-native applications
● 4 years experience with the application of threat modeling or other risk identification techniques
● Strong knowledge of Application Security testing tools
● Expert knowledge of OWASP Top 10, including avoidance and remediation techniques
● Experience in remediating complex enterprise-level security issues
● Strong knowledge of secure coding practices in both Java and JavaScript/NodeJS
● Experience working with Agile/Scrum development methodology
● Development experience with Java to maintain and enhance internal tooling
● Experience automating tasks and analysis
● Strong analytical and problem solving skills
● Strong verbal and written communication skills
● Knowledge of microservices architecture and supporting technologies
● Bachelor’s degree or equivalent experience in Computer Science, Information Systems Security, or related field
● CISSP, CCSP, CEH, CSSLP, CKS, AWS Security, OffSec, SANS Security, and other industry and vendor-specific security certifications
Please see the Tracelink Privacy Policy for more information on how Tracelink processes your personal information during the recruitment process and, if applicable based on your location, how you can exercise your privacy rights. If you have questions about this privacy notice or need to contact us in connection with your personal data, including any requests to exercise your legal rights referred to at the end of this notice, please contact Candidate-Privacy@tracelink.com.
Tags: Agile Application security Automation AWS CCSP CEH CISSP Cloud Compliance Computer Science CSSLP DAST Java JavaScript Microservices Node.js Offensive security OWASP Privacy Product security SANS SAST Scrum SDLC Security assessment Vulnerabilities White box
Perks/benefits: Career development