Connectwise
Location
Pune | India
Job description
The Principal Product Security Engineer is responsible for designing and implementing security best practices at each stage of the system development lifecycle, from design through production. This role works in partnership with cross-functional teams to act as a security subject matter expert, while supporting and advancing the security of ConnectWise applications.
Essential Duties & Responsibilities: • Establishes operational plans for the Product Security team • Develops and implements new products, processes, standards, and/or operational plans that will have an impact on the achievement of functional results • Provides support to the Product Security team(s), with a high attention to detail • May require communication with ConnectWise leadership • Conducts security assessments, threat modeling, and vulnerability reporting and develops security architecture patterns for implementing new solutions and products • Performs application security reviews for our products and services to identify and/or validate vulnerabilities and attack chains • Communicates findings, attack paths, and recommendations to technical and executive stakeholders through written reports and verbal presentations • Develops and maintains methodologies for penetration testing • Participates in decision-making, prioritization, and support throughout the secure software development life cycle (s-SDLC) on a variety of security domains • Participates in requirements gathering, secure coding and configuration, software testing, and third-party component management and defect management • Serves as a primary point of contact on secure development and security best practices • Consults cross-functionally to embed security gates into their existing SDLC, leveraging automation when possible • Drives the development of standards, practices, and processes to establish, manage, and report adherence to application security requirements and best practices • Attends regular stand-ups and planning meetings to build positive relationships with key stakeholders • Serves as the security authority on assigned products, ensuring the security controls are functioning, security requirements are provided before coding begins, and that vulnerabilities are fixed within their SLAs • Ensures s-SDLC controls are embedded in assigned product and serves as control owner for a subset of these controls • Engages in application and domain-specific threat modeling, as well as attack surface analysis and reduction Knowledge, Skills, and/or Abilities Required: • Ability to manage large projects and processes independently with limited supervision • Recognized expert in applicable work area • Ability to situationally adapt and understand new technology/processes as per business requirement • Strong ability to identify application vulnerabilities and advise on appropriate remediation • Solid understanding of common languages such as .NET, Python, JavaScript, Go, etc. • Strong foundation in core information security principles and concepts (encryption, authentication, etc.) • Effective communication skills, with the ability to explain sophisticated security topics in simple terms to technical and non-technical stakeholder • Strong ability to effectively prioritize competing deliverables in an accurate and timely manner. Educational/Vocational/Previous Experience Recommendations: • Bachelor’s degree in related field or equivalent business experience • 8+ years of relevant experience • Experience securing enterprise-grade web applications • Experience with automated application security tools and technologies (SAST, DAST, SCA, etc.) • Experience in web application security issues and standards (ex. OWASP Top 10, SANS Top 25, etc.)Job tags
Salary
