Full Job Description
Summary:
Delinea's Cybersecurity organization is seeking an experienced Senior Product Security Engineer to provide technical leadership and execution for an industry-leading Product Security Program. This critical role is expected to be a key player in the rollout, implementation, and maturity of Product Security initiatives.
The ideal candidate will be highly collaborative, working alongside Enterprise Architecture, Development, and DevOps teams to lead and implement Product Security initiatives such as SAST, DAST, SCA, API Security, Vulnerability Management, etc. The candidate must be able to balance the right level of security with business objectives, comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences, and work to creatively solve complex Product Security related problems.
This role reports to the Sr. Director of Product Security, is based in the US, and is fully remote.
What You'll Do:
Provide strong leadership and be a security thought leader across Delinea's product offerings
Gain an understanding of current product security program state and partner with the team to define future state and multi-year roadmaps
Promote strategic direction and influence security architecture adoption in product strategy and roadmap
Use knowledge of current product security best practices and industry trends to advise on the secure design of Delinea products and services
Perform end-to-end security architecture reviews
Perform Threat Modelling, assess and document product risks and/or application designs.
Participate in expanding/maturing Delinea's S-SDLC program
Maintain and mature Product Security tooling (e.g. SAST, SCA, DAST, ASPM)
Conduct security and code reviews
Provide guidance on vulnerability management best practices and assist in remediation activities
Stay up to date on the threat landscape, current technologies, security compliance requirements, standards, and industry trends in order to help achieve cybersecurity's goals.
Provide mentorship and guidance to other team members
What You'll Bring:
Bachelor's degree in Computer Science, Information Security, similar related field, or equivalent experience.
Eight (8) years of professional work experience in Cybersecurity with a minimum of five years in a Product Security role that includes Security Architecture, Threat Modeling, Secure Design, AppSec tooling, Vulnerability Remediation, or similar activities.
Well versed in current Product Security threat landscape and industry best practices.
Experience performing Threat Modeling and Product Security design reviews and incorporating them as part of SSDLC processes.
Experience in the following technologies:
o Cloud Security
o Cryptography
o Secure Design reviews and Threat Modeling
o SaaS multi-tenant product architecture
o REST APIs
o Containers (Docker, Kubernetes, or similar)
o Integration of Security testing tools into development pipelines
o Defect tracking (Jira, Bugzilla, ServiceNow, or similar)
o Source code management (ADO, GitLab, GitHub, or similar)
o Application security testing tools (SAST, DAST, IAST, SCA, or similar)
Familiar with common programming languages (Python, C#.NET, etc.) and able to develop scripts for automation purposes
Strong leadership, communication, and interpersonal skills, with the ability to influence stakeholders at all levels of the organization
Strong analytical skills with the ability to prioritize, manage competing demands, and meet deadlines
Strong communications skills both verbal & written with the ability to describe technical security issues in plain language
We'd Love to See:
Strong understanding of cybersecurity frameworks, risk management principles, and industry standards (e.g., NIST, ISO 27001, CIS, GDPR)
Solid understanding of cloud security technologies including container security, serverless security, network and application security, and access management.
Software engineering and/or development experience
Cybersecurity certifications (e.g., CISSP, CSSLP, CISM, or similar)
Proficiency with Azure and AWS
We take care of our employees. We offer competitive salaries, a meaningful bonus program, and excellent benefits, including healthcare insurance, as well as pension/retirement matching, comprehensive life insurance, an employee assistance program, time off plans, and paid company holidays.