
Senior Product Security Engineer

Costar Group

The Role

Overview

Lead integration of security into DevOps and product development lifecycle

Key Responsibilities

  • security automation
  • CI/CD integration
  • application scanning
  • tool management
  • compliance support
  • incident response

Tasks

  • Tooling & Automation: Automate security testing at various stages within the CI/CD pipelines. Consume a variety of application security tools (DAST, SAST, SCA, Credential Scanning, IaC scanning) to secure web applications during development and production run-time. Manage and operate our critical security tools, ensuring maximum efficiency and coverage.
  • Resilience & Compliance: Partner with GRC to ensure adherence to industry standards and collaborate with Security Operations to provide crucial support during the investigation and response to security incidents.
  • Leading Security Integration: Champion efforts to fully integrate security into our DevOps processes, promoting a culture of security ownership and awareness across the organization. Work with the software and product teams to help ensure applications are designed and implemented securely during the SDLC.

Requirements

  • SAST
  • SCA
  • Docker
  • Kubernetes
  • AWS
  • DevOps

What You Bring

  • Hands-on experience implementing security tools into CI/CD pipelines and IDE interfaces including Static Application Security Testing (SAST) and Static Application Analysis (SCA) solutions.
  • A track record of commitment to prior employers or a track record of delivering long-term impact to prior employers.
  • Experience with web application penetration testing and identifying attack chains to evaluate the severity of vulnerabilities.
  • 5+ years of experience in a Product/Application Security or DevSecOps role.
  • Strong knowledge of DevOps principles and practices, as well as security best practices.
  • Bachelor’s degree required from an accredited, not-for-profit university or college (preferably in Computer Science/Cybersecurity or related field).
  • Experience coordinating with application teams to drive security by design principles.
  • Experience with container security (Docker, ECS, Kubernetes) and cloud security (AWS, Azure, or GCP).
  • Ability to communicate effectively with both cybersecurity and engineering teams.
  • Ability to collaborate across Product, Security, DevOps, and development teams.
  • Proficiency in scripting and automation (e.g., Java, C/C++, C#, Python, JavaScript, PowerShell).
  • Hands-On Security Mastery: Acting as the primary security advisor, you'll conduct implementation reviews of solution designs, lead crucial threat modeling sessions, and perform hands-on security code reviews.
  • Experience testing modern applications in cloud-native tech stacks.
  • Knowledge of infrastructure operations across databases, network, and system administration.
  • Strong communication skills with both software development and software leadership audiences, including the ability to communicate with different levels of leadership, conveying risk and driving urgency for risk remediation.
  • A self-starter who can advance the application security program and follow ideas through to completion.

Benefits

  • Continuous opportunities to leap, learn and grow in a team that values creativity and innovation
  • First-rate parental leave
  • Hybrid working

The Company

About Costar Group

  • Offers comprehensive data on properties, tenants, leases, and market conditions globally.
  • Known for its pioneering technology and research, delivers powerful insights to commercial real estate professionals.
  • Its flagship platform, CoStar, provides unmatched property data, news, and analytics.
  • Platforms used by real estate professionals, from brokers to investors to property managers.
  • Expanded through strategic acquisitions, including the purchase of LoopNet and Apartments.com.
  • Data-driven insights help clients make informed investment and leasing decisions, shaping the global real estate market.

Sector Specialisms

Commercial Real Estate

Residential

Apartments

Hospitality

Industrial

Retail

Office

Multifamily

Land

Investment Sales