Listing Description
The Product Development team at Lula is growing and we are looking to bring on a Product Security Engineer. The role will focus on collaborating closely with the rest of Product Development team to implement a Secure Software Development Lifecycle from planning and design through monitoring and responding in production.
As a member of the team, the Product Security Engineer will be responsible for helping to develop and mature the Application Security Program at Lula.
What you'll be doing:
- Architect and develop cloud-based security capabilities, focusing on Identity and Access Management (IAM), Data Encryption and Protection, Network Security, and Cloud Platform Security. Research emerging security technologies and propose innovative, cutting-edge solutions to improve LULA’s security posture and capabilities continuously
- Serve as a vulnerability management SME
- Create and maintain scan profiles for automation application scanning tools
- Review vulnerability scan results and track closure of vulnerabilities
- Produce and track security metrics
- Support the secure development and testing of critical application areas
- Mentor and educate product development and quality engineers on secure development
- Monitor and review CVEs, industry developments, and provide inputs for continuous improvements
- Work with internal audits, IT Governance, IT Compliance and other key stakeholders on specific projects
- Develop and maintain enterprise security libraries, components, best practice checklists, and perform application security risk evaluation
- Partner with key stakeholders to further enhance application security CI/CD pipeline and continually assess security posture for improvement
What you'll bring:
- Bachelor’s and/or Master’s Degree or equivalent in Information Security, Engineering, Computer Science or related field
- 5+ years of combined Application Development and Security Engineering or Security Architecture experience
- Developer with strong application security acumen, hands-on experience with security design reviews and threat modeling
- Experience using Application Security Code Scanning tools
- Knowledge of secure coding best practices, secure SDLC, secure architecture, and operations
- In depth understanding of OWASP Top 10 Critical Web Application Security Risks, their identification, and architecture, design, coding patterns to mitigate them
- Experience working with security of application developed in .NET, Nodejs, and web (HTML/CSS/JS, Vuejs/React, REST) technologies
- Experience creating and managing policy, processes and procedure documents
- Strong analytical, interpersonal and communication skills
- Ability to train and mentor agile development teams
- Relevant industry security certification preferrred
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided