As Staff Product Security Engineer, you will work with the technical leadership within Tango Card to grow, architect, develop, and implement product and application security programs.
At the Staff level, you'll be the inventor and leader of the product and appsec program objectives and KPIs. You will partner with development leads on crafting and prototyping security features that support the CIA responsibilities for all Tango Card product offerings. At Tango Card, our Staff team members also help grow and mentor their teams, so someone who enjoys collaboration and leadership is a must! This role also has tactical duties, which include managing code vulnerabilities through the various testing platforms (SAST, DAST, IAST, SCA), code reviews, red teaming, hosting hacking tournaments, and ensuring the CI/CD product pipeline has security at all phases.
The successful candidate will be proactive in improving existing work, have knowledge in the application security domain to implement application controls, and have a good mix of development experience and background in information security. The ideal candidate will exhibit a very high standard of technical judgment, innovation, and execution to tackle open-ended problems.
This role reports to: Vice President, Information Security
As Staff Product Security Engineer at Tango Card, you will:
- Develop a strategic Application Product Security program of work.
- Partner with product engineering technical leaders to identify intrinsic product weaknesses, then build component-specific security roadmaps to address them.
- Design and prototype product security features such as: SAML access management, privacy encryption platform API DDoS prevention, secure libraries, tools, or services to prevent classes of risk and vulnerabilities.
- Develop testing strategy for continuous code testing.
- Lead and perform secure code reviews for new products, technologies, and services.
- Develop and deliver security training and outreach to internal development teams.
- Lead hackathons for developers.
- Continuously remove application vulnerabilities.
- Perform and teach threat modeling and attack surface analysis/reduction.
- Create, measure, and refine metrics used to measure secure software development success, as well as program management success criteria.
To be effective as Staff Product Security Engineer at Tango Card, you have:
- 6+ years of experience as a security engineer in application security and/or securing cloud computing architectures
- 5+ years of experience as a developer of enterprise software using languages such as Java, Python, Go, C, C#, or C++
- Experience with infrastructure automation (Chef, CloudFormation, Jenkins)
- Experience with implementing identity management and identity federation (SAML, OAuth, SCIM, XACML)
- Experience with common red-teaming tools (such as Kali, Metasploit, or Burp Suite) to discover flaws in application code
- Extensive professional experience in application security architecture and design principles
- Skilled in team leadership, mentorship, or even management
- Skilled in automating security tests into the development process
- Knowledgeable in threat modeling applications and assisting teams in security control development
- Able to identify and protect against web application and web service security vulnerabilities, including those found in the OWASP Top 10 or CWE Top 25
- College degree in related field or professional experience meeting responsibilities
Our ideal Staff Product Security Engineer will have most of the following knowledge, skills, and experience:
- Security certifications: CISSP, GWEB, GCSA, etc.
- Experience in many security systems including Security Information and Event Management (SIEM), Intrusion Detection and Prevention Systems (IDS/IPS), Vulnerability Management, Endpoint Detection and Response (EDR), or other associated tools
- Creativity and the initiative to operationalize existing manual processes for the Security Team
Please note: visa sponsorship is available for this position.