Golang Job: Senior Product Security Engineer

As a Senior Product Security Engineer, you will:

• Secure design, architecture, and implementation covering all steps of our Secure Software Development Life Cycle (SDLC).

• Support security projects (including security reviews, tool development, and creation of new security practices) with end-to-end ownership.

• Conduct and Support Threat modeling sessions to guide secure design discussions and participate in risk assessments.

• Create security guidance and documentation, including compliance as code.

• Work closely with our Security Awareness team to provide first class application security interactive and targeted training to our engineers.

• Set a high standard for engineering quality and execution that leads to high quality product security artifacts to secure our products’ SDLCs.

About You

You’re a fit for the role of Support Product Security Engineer you have:

• Engineer Empathy: You have a strong understanding of how developers work and are able to present security initiatives to developers in a way that leverages that understanding.

• Knowledgeable in Application Security: You are passionate about application security including secure coding, supply chain security, and SecDevOps

• Drive to continually improve: You are able to analyze current processes and procedures and determine ways to improve and increase efficiency.

Technical Skills:

• Experience collaborating with product development teams directly to instill security.

• Experience building and reviewing threat models and recommending secure design patterns

• Experience assessing common security vulnerabilities and risks, as well as advising on countermeasures and compensating controls.

• Experience rolling out SAST, DAST and SCA and you are able to cut through the noise and the true positives.

• Experience with DevSecOps in a cloud native context and in integrating security in CI/CD pipelines (GitHub Actions preferred but experience with other Cis is good eg. Gitlab CI,…).

• Experience with automation in general consuming APIs, with plus when the automation is related to security tooling, proficiency in Python or Golang mandatory.

• Knowledge of one or more security frameworks OWASP’s ASVS, CIS Benchmarks, NIST SSDF,…

• Ability to manage and prioritize between multiple tasks and projects.

Additional Skills:

• Strong Communication Skills (verbal, written, ability to influence others)

• Learning Mindset (emerging technical trends, always learning)

• Agile Methodology experience

• Experience with Linux systems and containers

• Experience with AWS or Azure

• Infrastructure as code with Terraform

• Experience with Security tools (Web attack proxies, SAST, DAST, SCA)

• Bachelor’s Degree in computer science or related field and/or equivalent work experience

• Certifications: Offensive Security (OCSP, OSWE,...), SANS (GXPN,..), Kubernetes (CKA, CKS, CKAD)

What’s in it For You:

You will join our inclusive culture of world-class talent, where we are committed to your personal and professional growth through:

• Hybrid Work Model: Currently the majority of our employees are working within a hybrid environment consisting of in-office and remote work, and following local COVID-19 bylaws and guidelines.

• Culture: Globally recognized and award-winning reputation for equality, diversity and inclusion, flexibility, work-life balance, and more

• Wellbeing: Comprehensive benefit plans; flexible and supportive benefits for work-life balance: company-wide Mental Health Day Off; Headspace app subscription; retirement, savings, tuition reimbursement, and employee incentive programs; resources for mental, physical, and financial wellbeing

• Learning & Development: LinkedIn Learning access; internal Talent Marketplace with opportunities to work on projects cross-company; Ten Thousand Coffees Thomson Reuters café networking

• Social Impact: Eight employee-driven Business Resource Groups; two paid volunteer days annually; Environmental, Social and Governance (ESG) initiatives for local and global impact