Software Security Engineer – Product Security (DevSecOps)

What We Do

The Product Security team is a group of Builders, Breakers, and Fixers specializing in collaborative security engagement. The goal of the Software Security (DevSecOps) team is to provide self-service security by enabling the 3 Ways of DevOps: Fast Flow, Rapid Feedback, and Continuous Learning.

As the business continues its digital transformation, the DevSecOps team serves as a vanguard for promoting and enabling DevOps practices across the organization. We focus on integrating and improving existing processes, removing bottlenecks, and enabling safe experimentation whenever possible.

Job Description

We are seeking a highly skilled and experienced Software Security Engineer to join our Product Security team. The successful candidate will help ensure secure Software Development Life Cycle (SDLC) practices across the organization, from design through deployment.

In this role, you will partner with product development teams to scale secure development practices, improve automation and tooling, reduce remediation friction, and integrate security earlier into the software development lifecycle.

How Will You Make an Impact?

As a Senior Software Security Engineer, you will engage with product development teams across the organization and serve as a subject matter expert in secure software development practices, DevSecOps enablement, and application security.

You will collaborate closely with engineering teams to identify and mitigate security risks, improve security automation, and integrate scalable security solutions into software delivery workflows.

Key Responsibilities

• Work closely with development teams to identify and mitigate security risks in software and systems.
• Promote and enhance Secure SDLC practices through automation, tooling, architecture reviews, and scalable security integrations across the software development lifecycle.
• Conduct security assessments and code reviews to identify vulnerabilities and ensure compliance with security standards and best practices.
• Develop and maintain secure coding guidelines and provide training to development teams.
• Collaborate with cross-functional teams to support the timely delivery of secure software solutions.
• Mentor and train less experienced team members on technical and security-related topics.
• Develop solutions to automate security processes and workflows.
• Evaluate security tools and lead Proof of Concepts to support recommendations for tool acquisition, integration, and maintenance.
• Develop metrics and reporting to support remediation prioritization and continuous improvement initiatives.
• Identify and drive process improvements to increase productivity, reduce friction, and improve security outcomes.
• Contribute to the Product Security team’s strategy and long-term roadmap.

How Will You Get Here?

Education

• Bachelor’s or Master’s degree in Engineering, Computer Science, or equivalent work experience.

Experience

We are looking for candidates with 5+ years of relevant experience in software development and security, or an equivalent combination of experience and expertise, including:

• Experience writing and/or testing software applications, including automation.
• Experience working with container technologies and cloud providers such as AWS.
• Familiarity with one or more modern programming or scripting languages such as Python, Java, JavaScript, C/C++, .NET, Bash, PowerShell, or Ruby.
• Familiarity with development tools such as Git, Jira, Jenkins, Docker, Eclipse, Visual Studio, Visual Studio Code, and/or IntelliJ.
• Strong attention to detail with excellent interpersonal and time management skills.
• The ability to communicate effectively and professionally with a diverse group of stakeholders, including Vice Presidents, Directors, Managers, Developers, and Domain Experts.

Knowledge, Skills, Abilities

• Self-motivated individual with an agile and collaborative mindset.
• Experience performing application security assessments; participation in bug bounty programs, capture the flag (CTF) events, or the broader security community is a plus.
• Experience with mobile application security is a plus.
• A history of involvement in general information security practices and/or the security community.
• Strong written and verbal communication skills in English.