at Trellix in Montpelier, Vermont, United States
Product Security Engineer
In this role, you will be responsible for providing architectural and technical guidance to product security across all of McAfee. You will design, plan and implement secure coding practices and security testing methodology; ensure practices meet software certification processes; drive the security testing of the products; test and evaluate security related tools; and manage 3rd party vendors to meet those responsibilities above.
You will be deeply embedded in our Product Management and Engineering teams. You will have responsibilities for secure development methodologies and mechanisms for all McAfee products and services. You will participate in SDL and drive software security maturity. You will drive effective integration and adoption of best practices, latest methods & techniques in identifying design flaws and software issues. You will work with our security champs, security champ leaders and other security teams to make sure our products are delivered securely.
Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix’s security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to empower over 40,000 business and government customers. More at https://trellix.com .
About the role:
+ Drive overall product security architecture
+ Provide technical leadership in the comprehensive planning, development, and execution of our product security efforts
+ Provide planning and input into the software engineering and product development process, related to security, sensitive to the constraints and needs of the business
+ Ensure, and create as needed, security policies, processes, practices and operations to ensure reproducible development and high quality, while keeping costs under control
+ Engage in hands-on, in-depth analysis, review and design of the software, including technical review and analysis of source code with a security perspective. Will include reviews of in-house developed code, as well as review of technologies provided by 3rd party vendors.
+ Provide training to staff, contractors, development and QA teams, and product/software security champions related to product security
+ Use programming skills to build and improve security tools and automation platforms
+ Improve our security champions program by working with our security champions and security champion leaders
+ Lead the training program for security champions and engineering teams
+ Develop solutions for the automation, security, audit and compliance monitoring
+ Guide McAfee’s software development teams through our Security Development Lifecycle (SDL) by participating in design reviews, threat modeling, and in-depth security penetration testing of our code and systems.
+ Conduct cloud security assessment to identify areas of risk and ensure any gaps are remediated
+ Define and implement appropriate policies for AWS/Azure security solutions
+ Bachelor’s degree in computer science or a technology related filed required
+ At least 3 years of experience in security testing and product security
+ Experience in driving effective implementation & adoption of Security Development Lifecycle (SDL) and software maturity model
+ Demonstrated knowledge and experience with web security and secure development practices
+ Demonstrated knowledge of secrets management, cryptography, and authentication and authorization protocols such as OIDC, OAuth, and SAML
+ Working experience with static and dynamic vulnerability identification using industry leading scanning tools and manual code reviews
+ Prior experiencing in implementing and integrating tools for static analysis, dynamic analysis, fuzzing, and penetration testing
+ Good cloud security experience (AWS/GCP/Azure)
+ Development experience with one of the following languages: Python, Java, Go or Ruby
+ Experience with common CI/CD and software deployment automation tools
+ Ability to build strong relationships, earning the confidence and trust of senior managers and team members.
+ Ability to effectively prioritize and manage multiple projects and responsibilities
+ High level of self-motivation, whilst comfortable working self-sufficiently in a fast paced and complex matrix business.
Company Benefits and Perks:
We work hard to embrace diversity and inclusion and encourage everyone at Trellix to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.
+ Pension and Retirement Plans
+ Medical, Dental and Vision Coverage
+ Paid Time Off
+ Paid Parental Leave
+ Support for Community Involvement
We’re serious about our commitment to diversity which is why Trellix prohibits discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.To view full details and how to apply, please login or create a Job Seeker account