Listing Description

The Product Development team at Lula is growing and we are looking to bring on a Product Security Engineer. The role will focus on collaborating closely with the rest of Product Development team to implement a Secure Software Development Lifecycle from planning and design through monitoring and responding in production.

As a member of the team, the Product Security Engineer will be responsible for helping to develop and mature the Application Security Program at Lula.

What you'll be doing: 

• Architect and develop cloud-based security capabilities, focusing on Identity and Access Management (IAM), Data Encryption and Protection, Network Security, and Cloud Platform Security. Research emerging security technologies and propose innovative, cutting-edge solutions to improve LULA’s security posture and capabilities continuously


• Serve as a vulnerability management SME


• Create and maintain scan profiles for automation application scanning tools


• Review vulnerability scan results and track closure of vulnerabilities


• Produce and track security metrics


• Support the secure development and testing of critical application areas


• Mentor and educate product development and quality engineers on secure development


• Monitor and review CVEs, industry developments, and provide inputs for continuous improvements


• Work with internal audits, IT Governance, IT Compliance and other key stakeholders on specific projects


• Develop and maintain enterprise security libraries, components, best practice checklists, and perform application security risk evaluation


• Partner with key stakeholders to further enhance application security CI/CD pipeline and continually assess security posture for improvement

What you'll bring: 

• Bachelor’s and/or Master’s Degree or equivalent in Information Security, Engineering, Computer Science or related field


• 5+ years of combined Application Development and Security Engineering or Security Architecture experience


• Developer with strong application security acumen, hands-on experience with security design reviews and threat modeling


• Experience using Application Security Code Scanning tools


• Knowledge of secure coding best practices, secure SDLC, secure architecture, and operations


• In depth understanding of OWASP Top 10 Critical Web Application Security Risks, their identification, and architecture, design, coding patterns to mitigate them


• Experience working with security of application developed in .NET, Nodejs, and web (HTML/CSS/JS, Vuejs/React, REST) technologies


• Experience creating and managing policy, processes and procedure documents


• Strong analytical, interpersonal and communication skills


• Ability to train and mentor agile development teams


• Relevant industry security certification preferrred