Key skills
CloudKubernetesPythonSDLCTerraformGoHelmCI/CDLeadershipCommunicationCollaborationTrivyOWASPPenetration Testing
About this role
Role Overview
- Secure Products & Infrastructure: Design, implement, and maintain security controls across applications, infrastructure, and CI/CD pipelines.
- Embed security requirements aligned with SOC 2, ISO 27001, and internal standards.
- Drive adoption and operationalization of SAST, DAST, container scanning, IaC security, and dependency analysis tooling.
- Integrate automated security testing into the SDLC to enable secure-by-design development.
- Offensive Security & Vulnerability Management: Lead application security reviews, threat modeling, vulnerability assessments, and penetration testing.
- Validate and prioritize findings based on exploitability and business impact.
- Partner with engineering teams to ensure timely, measurable remediation.
- Proactively identify and demonstrate security weaknesses to improve overall product resilience.
- Incident Response & Risk Reduction: Support investigation of product and infrastructure security incidents.
- Contribute to root cause analysis and durable remediation strategies.
- Identify systemic control gaps and implement long-term risk mitigation measures.
- Compliance & Assurance: Support product-level security reviews and audit activities.
- Coordinate evidence collection and control validation for SOC 2, ISO 27001, and enterprise requirements.
- Translate compliance requirements into actionable engineering controls.
- Cross-Product Security Leadership: Develop and maintain security expertise across multiple Mirantis products.
- Standardize security practices and tooling across teams.
- Strengthen program scalability and reduce single-point-of-failure risk.
- Security Advocacy & Enablement: Champion secure design principles and modern application security practices.
- Provide actionable guidance during architecture and code reviews.
- Drive continuous improvement and automation across the SDLC.
Requirements
- 5+ years of experience in product security, application security, or security engineering.
- Strong knowledge of common vulnerabilities (OWASP Top 10, SANS Top 25) and secure development practices.
- Demonstrated experience with manual penetration testing, threat modeling, and exploitation techniques.
- Hands-on experience with security tooling and automation, including: SAST / DAST tooling and CI/CD integration
- Container image scanning (e.g., Trivy, Grype, Anchore)
- IaC security (e.g., Terraform, Helm, KICS, Checkov)
- Dependency and software supply chain security tools
- Experience with vulnerability management platforms and remediation workflows.
- Experience working with containerized environments, Kubernetes, and cloud platforms.
- Proven ability to integrate and automate security controls within CI/CD pipelines.
- Strong collaboration and communication skills across engineering and product teams.
- Experience supporting SOC 2, ISO 27001, or similar compliance frameworks.
- Relevant certifications (OSCP, OSEP, OSWE, GPEN, GWEB, GWAPT, GCSA) strongly preferred.
- Proficiency in scripting or programming (Go, Python, or similar) is a plus.
Tech Stack
- Cloud
- Kubernetes
- Python
- SDLC
- Terraform
- Go
Benefits
- Competitive compensation package
- Strong benefits plan