The Senior Product Security Engineer will support building a secure SaaS product, native to AWS cloud.

This position will build a well-rounded SSDLC program with automation of controls in mind and take on common SSDLC challenges that a modern SaaS company faces as an industry. Will also have the opportunity to build a comprehensive security program with other SMEs as peers (cloud security, devops security, product security, corporate security, GRC, privacy, etc).

This position will work with the engineering team as well as with the product management team.

Essential Duties/Responsibilities

Develop secure software testing and validation procedures

Build security requirements for the product design specifications

Build security requirements for the engineering specifications

Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.

Mature SAST/DAST tooling with the DevSecOps engineers

Engineer guardrail solutions for the SaaS product and its operations that prevents security incidents and security defects

Job Requirements and Qualifications

Education:

Bachelor’s degree required/preferred; or equivalent education and/or related work experience.

Training Requirements (licenses, programs, or certificates): One or more of the following desired but not required

Certified Information Systems Security Professional (CISSP)

Certified Ethical Hacker (CEH)

Offensive Security Certified Professional (OSCP)

Experience:

Minimum 5 Years Application/Product Security Engineering experience

Past development experience is valued

Other Knowledge, Skills and Abilities:

Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Knowledge of computer programming principles

Knowledge of cybersecurity and privacy principles and methods that apply to software development.

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge of programming language structures and logic.

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Knowledge of software debugging principles.

Knowledge of software design tools, methods, and techniques.

Knowledge of software development models (e.g., Waterfall Model, Spiral Model, Agile, etc.).

Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.

Knowledge of web services (e.g., service-oriented architecture, Simple Object Access Protocol, and web service description language).

Knowledge of interpreted and compiled computer languages.

Knowledge of secure coding techniques.

Knowledge of secure software deployment methodologies, tools, and practices.

Knowledge of penetration testing principles, tools, and techniques.

Skill in developing and applying security system access controls.

Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Skill in using code analysis tools.

Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.

Skill in secure test plan design (e. g. unit, integration, system, acceptance).

Please Note: TriNet reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing. Position functions and qualifications may vary depending on business necessity.

TriNet is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact recruiting@trinet.com to request such an accommodation.