TRM Labs is a company that provides blockchain analytics and AI solutions to enhance security for law enforcement and financial institutions. They are seeking a Senior Product Security Engineer to lead application security initiatives, conduct security reviews, and develop best practices for securing their products and infrastructure.
Responsibilities:
- Lead application security reviews and threat modeling, including secure code review, architectural design, and testing
- Develop automated testing and mature our Secure SDLC
- Own and perform application security vulnerability management
- Coordinate penetration testing engagements
- Support software engineers and product teams by developing application security best practices
- Develop and maintain the bug bounty program
- Bootstrap platform security initiatives that help protect TRM data
- Inspire a culture of security across the engineering organization by fostering security champions within engineering teams and coordinating secure code training
Requirements:
- Minimum 8 years of experience in software development and testing
- BS (or equivalent) in Computer Science, Computer Engineering, or related field
- Proficiency in software development languages and frameworks: Python, NodeJS, React
- Strong understanding of encryption, authentication, and authorization protocols
- Deep experience with common software flaws (e.g., OWASP and CWE), testing methodologies, and using common security tooling for testing
- Professional experience with open source, commercial, or native security solutions for cloud providers such as GCP and AWS. Experience with modern secure software development lifecycles, threat modeling, and best practices
- Experience with conducting efficient and comprehensive code security reviews on a daily or weekly basis
- Experience triaging and remediating vulnerabilities in software packages or libraries
- Experience with software security tools such as GitHub Advanced Security or other SAST, DAST, and SCA tools
- Experience with web application testing frameworks such as Burp Suite, OWASP ZAP, etc.
- Experience with threat modeling tools such as OWASP Threat Dragon, etc.
- Prior experience working in an agile-based software development role (required)
- Experience Red Teaming or penetration testing applications and infrastructure
- Professional experience with cloud providers (e.g., GCP and AWS), modern secure software development lifecycles, and best practices
- Strong written and verbal communication skills
- Security certifications such as OSCP, CEH, GWAPT are a plus
- Familiarity with security frameworks (e.g., NIST SP 800-171 SSDF) is a plus