Product Security Engineer

The Product Security team is seeking a Product Security Engineer to implement secure development practices in a fast-paced, agile development environment.

You will be responsible for defining security requirements, adoption and configuration of security tooling and platforms, threat modeling and risk assessment, secure architecture reviews, secure code reviews and security testing.

Following a shift-left approach, you will partner closely with product engineering teams.

A successful candidate is a self-driven security professional, able to effectively communicate with stakeholders to improve product security posture.

Responsibilities: 



* Assess security posture of cloud environments of SaaS based products in Azure, identify risks and drive remediation and improvement to address the gaps 



* Partner with Engineering, DevOps and SRE to integrate secure development practices in each stage of SDLC 



* Perform threat modeling, security assessments and drive security testing for products 



* Understanding the Azure cloud adoption framework and security implications of building cloud-based products.

 



* Analyze security issues in products, Cloud environment and applications including triage coordination, tracking and remediation of security incidents 



* Continuously learn and stay up to date with new technologies, tooling and techniques in cloud and security



* Provide consultation and educate developers in SaaS security.

Participate in internal security community content and activities.

 

In order to be considered for this role, you must have: 



* 2+ years of experience in cybersecurity or related field 



* Solid understanding and experience with Microsoft Azure specifically and cloud computing in general and tooling around cloud security  



* Solid understanding of DevSecOps principles and CI/CD systems 



* Understanding of security concepts including common vulnerabilities (OWASP Top 10, SANS 25), secure development practices (code review, threat modeling), security tooling (SAST, DAST, SCA) 



* Ability to communicate and coordinate with stakeholders remotely 



* Passion to learn and grow in cybersecurity field.

Ability to mentor junior team members 



* Following is considered a plus: 



* Recognized industry certifications (CEH, OCSP, GIAC ...) 



* Experience with governance and security certifications (SOC2, ISO27001, FIPS) 



* Bsc/Msc degrees or equivalent formal education in cybersecurity or related fields

Tricentis Core Values
Knowing what we need to achieve and how to achieve it is important.

Tricentis core values define our ways of working and the behaviors we model that create an enjoyable and successful Tricentis life.


* Demonstrate Self-Awareness: Own your strengths and limitations.


* Finish What We Start: Do what we say we are going to do.


* Move Fast: Create momentum and efficiency.


* Run Towards Change: Ch...