Senior Product Security Engineer
Company | Qualtrics |
---|---|
Location | Provo, UT, USA |
Salary | Not Provided |
Type | Full-Time |
Degrees | Bachelor’s |
Experience Level | Senior |
Requirements
- Expert knowledge of cloud security best practices including IaC, as it pertains to hardening a cloud-centric infrastructure.
- Minimum of 5-6 years of recent experience in product security, secure application development, and/or cybersecurity.
- Bachelor’s degree from an accredited college or university in Computer Science, Information Technology or Engineering or relevant work experience.
- Development experience using Python, JavaScript, Ruby, Go, or another relevant language; minimum 5-6 years of recent work experience identifying and mitigating security issues in software and knowledge of secure code development best practices.
- Expert knowledge and ownership of SAST, SCA, DAST, and CNAPP tools.
- Experience securing CI/CD pipelines and secure configuration of version control systems.
- Familiarity with application security frameworks (e.g., OWASP Top Ten) and a record of regularly conducting security reviews using them.
- Relevant security certifications such as, but not limited to, CISSP, CEH, GWAPT, GPEN, OSCP, GCIH, OSEP.
- Experience evangelizing application security principles and topics through engineering forums, tech talks, etc.
- Excellent communication skills and meticulous attention to detail; experience in designing, analyzing, and conducting threat model assessments of enterprise software and services; penetration testing or red team experience is a plus.
Responsibilities
- Work with engineering teams to design and develop applications that incorporate security best practices. Serve as a key stakeholder and drive the implementation of secure coding best practices.
- Configure, monitor, and deploy monitoring and blocking rules on Qualtrics WAF interfaces.
- Expert experience with container security including image scanning, k8s security best practices, and container runtime security.
- Analyze software applications for security vulnerabilities using manual and automated source code review tooling.
- Identify security risks and weaknesses in software architecture by performing application threat modeling.
- Use security testing tools to identify, track, and fix vulnerabilities in applications and enterprise infrastructure.
- Maintain and generate reports on application and infrastructure security posture metrics, KPIs, and vulnerabilities to support enterprise and security architects.
- Coordinate internal pen test engagements with the Red Team and Engineering stakeholders.
- Serve as a strategic advisor and thought expert to Engineering teams through multiple channels, including application review sessions, threat modeling, and the security champions program.
- Own and operate the Qualtrics vulnerability disclosure and bug bounty programs.
Preferred Qualifications
- Preferred: Advanced technical degree in Computer Science, Engineering, Mathematics, or other technical field from an accredited institution.