Product Security Engineer II

Added: March 19, 2024
Precisely is the leader in data integrity. We empower businesses to make more confident decisions based on trusted data through a unique combination of software, data enrichment products and strategic services. What does this mean to you? For starters, it means joining a company focused on delivering outstanding innovation and support that helps customers increase revenue, lower costs and reduce risk. In fact, Precisely powers better decisions for more than 12,000 global organizations, including 99 of the Fortune 100. Precisely's 2500 employees are unified by four company core values that are central to who we are and how we operate: Openness, Determination, Individuality, and Collaboration. We are committed to career development for our employees and offer opportunities for growth, learning and building community. With a "work from anywhere" culture, we celebrate diversity in a distributed environment with a presence in 30 countries as well as 20 offices across 5 continents. Learn more about why it's an exciting time to join Precisely!

Intro And Job Overview

As part of our global Product Security team, we are looking for a highly experienced application security engineer who can ethically hack our products and help in all aspects of our secure development lifecycle. You will have the opportunity to lead many of our internal security programs across our portfolio of 100+ products, while giving and receiving peer guidance and mentorship. Our product portfolio is highly varied, from cloud-based web applications and APIs, web-connected desktop apps and services, and high-volume data processing systems and middleware, through to mainframes, big data platforms and even mobile apps. You will work across this global portfolio in collaboration with other members of our skilled internal security team, performing ethical hacking and threat modelling and advising on the latest security threats and their remediation.

With a proven record of discovering hard-to-find security issues in web and thick-client products, you will be expected to mentor others on offensive security testing techniques, offer guidance during pen testing, and become a respected authority on security across our global network of security champions and engineers. Knowledge of cloud- and container-specific attack vectors (ideally AWS and Kubernetes) will be vital as we grow our SaaS footprint. Experience with threat modelling, or with software design and architecture, will certainly benefit your close working relationship with engineering.

Responsibilities And Duties

  • Ethically hack the wide range of internally developed products.
  • Assist with threat modelling sessions and product design security reviews.
  • Collaborate with the application development teams to ensure a common and shared understanding of any security issues.
  • Develop security standards for application development and deployment to head off the latest risks and vulnerabilities.
  • Mentor and train peers in advanced security testing, tools, and automation.
  • Review and understand results from SCA, SAST, DAST and other vulnerability scanning tools.
  • Research and advise on the use of the latest tools and techniques to ethically hack and defend applications.
  • Review remediation plans for security issues with Software Engineering teams and promote secure software development techniques.
  • Maintain awareness of the latest security trends and zero-day findings.

Requirements And Qualifications

  • 4-6+ years of security experience required.
  • Proven experience in ethical hacking of web applications through penetration testing or red teaming. Bug bounty success ideal.
  • Experience of security testing non-web applications, including mainframe, is highly desirable.
  • Advanced knowledge of security tooling and vulnerability toolkits.
  • Good understanding of application architecture designs and the common tech stacks involved.
  • Familiarity with the OWASP, SANS and MITRE ATT&CK frameworks.
  • Full understanding of the OWASP Top 10 risks and how to mitigate them.
  • Common authentication models (SAML, OAuth, OIDC, JWT).
  • AWS-related security and attack vectors (or Azure / GCP) essential.
  • Kubernetes-related security and attack vectors (or other container-based deployments) useful.
  • Experience of leading security tooling (SCA, SAST, DAST and beyond).
  • Proven knowledge of WAF / DDoS protection options and virtual patching techniques.
  • Experience of DevSecOps, and of the common vulnerabilities and weaknesses within the software delivery pipeline.
  • Experience with scripting and automation (Python, Bash, PowerShell, workflow engines or other automation systems).
  • Demonstrated ability to mentor others.
  • Demonstrated excellence in English communication skills in a stakeholder-facing environment.
  • Experience working within an agile scrum team desirable.
  • Must be self-directed, resilient, and creative.
  • Software engineering background useful.
  • CISSP, CSSLP and other similar certifications can help.
  • Full agile scrum working experience a benefit.

It is a requirement for all roles at Precisely to adhere to applicable data privacy and security laws, rules, regulations, and company policies. For more information about Precisely’s privacy practices, please see our Privacy Notice: