Product Security Engineer - LULA San Francisco, California, United States Bookmark Share Print 91 0 1

Listing Description

The Product Development team at Lula is growing and we are looking to bring on a Product Security Engineer. The role will focus on collaborating closely with the rest of Product Development team to implement a Secure Software Development Lifecycle from planning and design through monitoring and responding in production.

As a member of the team, the Product Security Engineer will be responsible for helping to develop and mature the Application Security Program at Lula.

What you'll be doing: 

  • Architect and develop cloud-based security capabilities, focusing on Identity and Access Management (IAM), Data Encryption and Protection, Network Security, and Cloud Platform Security. Research emerging security technologies and propose innovative, cutting-edge solutions to improve LULA’s security posture and capabilities continuously

  • Serve as a vulnerability management SME

  • Create and maintain scan profiles for automation application scanning tools

  • Review vulnerability scan results and track closure of vulnerabilities

  • Produce and track security metrics

  • Support the secure development and testing of critical application areas

  • Mentor and educate product development and quality engineers on secure development

  • Monitor and review CVEs, industry developments, and provide inputs for continuous improvements

  • Work with internal audits, IT Governance, IT Compliance and other key stakeholders on specific projects

  • Develop and maintain enterprise security libraries, components, best practice checklists, and perform application security risk evaluation

  • Partner with key stakeholders to further enhance application security CI/CD pipeline and continually assess security posture for improvement

What you'll bring: 

  • Bachelor’s and/or Master’s Degree or equivalent in Information Security, Engineering, Computer Science or related field

  • 5+ years of combined Application Development and Security Engineering or Security Architecture experience

  • Developer with strong application security acumen, hands-on experience with security design reviews and threat modeling

  • Experience using Application Security Code Scanning tools

  • Knowledge of secure coding best practices, secure SDLC, secure architecture, and operations

  • In depth understanding of OWASP Top 10 Critical Web Application Security Risks, their identification, and architecture, design, coding patterns to mitigate them

  • Experience working with security of application developed in .NET, Nodejs, and web (HTML/CSS/JS, Vuejs/React, REST) technologies

  • Experience creating and managing policy, processes and procedure documents

  • Strong analytical, interpersonal and communication skills

  • Ability to train and mentor agile development teams

  • Relevant industry security certification preferrred

Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided


  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided

About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

Our Contacts

1765 Greensboro Station Pl.
Suite 900
Tysons Corner Va 22102

(703) 594-7765