Product Security Engineer – “Appsec”

Company: AstraZeneca
Location: Gaithersburg, MD, USA
Salary: $121926 – $182889
Type: Full-Time
Degrees:
Experience Level: Junior, Mid Level

Requirements

  • 2+ years of demonstrable experience in Application Security, Software Engineering, or a related field. Relevant internships, coursework and extra-curricular activities may also be considered as experience.
  • Strong understanding of web application security, authentication, authorization, and encryption concepts.
  • Familiarity with leading secure coding principles, frameworks, and guidance such as OWASP Top 10 and NIST Special Publications.
  • Basic proficiency in at least one programming language (e.g., Python, Java).
  • Hands-on experience with leading SAST, DAST, SCA, and API Security related tools and methodologies.
  • Analytical mindset and approach to addressing security findings, issue prioritization, and stakeholder articulation.
  • Ability to work cross-functionally with globally dispersed engineers, product teams, and cyber peers.
  • Ability to work independently in a fast-paced environment, with a proven ability to manage competing priorities.
  • Excellent written and verbal communication skills (English).

Responsibilities

  • Perform all aspects of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Application Programming Interface (API) Security assessments to identify code vulnerabilities, architectural misconfigurations and runtime security weaknesses.
  • Evaluate the use of third-party code libraries by driving Software Composition Analysis (SCA) and supporting Software Bill of Materials (SBOM) development tasks.
  • Contribute to Threat Modeling and Design Reviews by identifying AppSec-relevant gaps and proposing secure design patterns to cross-functional teams, aligned with best practices and regulatory requirements.
  • Provide actionable and impactful remediation guidance to Software Development and Engineering teams, ensuring security findings are understood and fixes are implemented in a timely manner.
  • Monitor and support the configuration, execution, and optimization of our AppSec tools and seamless integration with CI/CD pipelines.
  • Facilitate knowledge sharing and security best practices adoption by conducting training sessions (live and recorded) and developing security-relevant documentation.
  • Partner with other Cybersecurity peers to advance the continuous improvement of our enterprise-wide cybersecurity controls, development processes, governance policies / standards, and other initiatives related to holistic cybersecurity.
  • Demonstrate initiative, strong customer orientation, and cross-cultural working.

Preferred Qualifications

  • At least 4 years of providing AppSec capabilities for a SaaS/cloud service provider.
  • Prior experience as a Software Developer, Infrastructure Engineer, and/or Product Security Engineer.
  • Experience providing AppSec capabilities within a highly regulated and global business environment, particularly in the healthcare and/or clinical research industry (a plus).
  • Operational familiarity with leading Product Security enabling and adjacent technologies such as GitHub Advanced Security, SonarQube, 42Crunch API Security, InsightAppSec, Wiz, Splunk Cloud, or their equivalents.
  • Expert-level proficiency in all aspects of the AppSec domain, CI/CD pipelines, and DevSecOps principles.
  • Strong understanding of Amazon Web Services (AWS) as an infrastructure provider, containerization (Kubernetes), serverless computing, Infrastructure-as-Code, and other next-generation cloud computing technologies and engineering approaches.
  • At least one relevant cybersecurity certification such as CISSP, CEH, OSCP, AWS Certifications, etc.