Uplight is creating innovative software solutions to manage energy resources and accelerate the transition to clean energy. They are seeking a Senior Product Security Engineer to support and improve the Secure Software Development Lifecycle, implement security best practices, and lead security projects to enhance the company's security posture.
Responsibilities:
- Support, implement, and improve Secure Software Development Lifecycle (SDLC)
- Act as a consultant to the design and development stages of SDLC
- Document and work with product and engineering teams to implement security best practices and system configuration standards
- Support Asset Management initiatives to ensure all assets are tagged and classified
- Work with outside parties to perform penetration tests
- Perform Security Architecture, AppSec and Risk Assessments
- Perform Threat Modelling
- Analyze, manage, and work with other teams to address vulnerabilities, code weaknesses, misconfigurations, and non-compliance findings
- Coordinate and participate in Disaster Recovery exercises, including Backup tests
- Maintain and administer security tooling
- Lead security projects dedicated to improving Uplight's security posture
- Respond to and assist with incidents as needed or assigned
- Implement and be responsible for best product security practices and procedures
- Perform an on-call shift rotation
- Demonstrate effective communication skills, both verbal and written
Requirements:
- Advanced experience in securing applications and application settings
- Advanced experience in app and product security
- Advanced understanding of securing cloud technologies
- Experience with technologies from at least one public cloud (AWS, GCP, Azure)
- Experience in securing containerization (Docker, K8s, etc.) and APIs
- Experience with modern DevSecOps practices including implementing automated security in IaC and CI/CD pipelines
- Strong scripting skills (Python/Shell scripting experience)
- Mid to advanced level Linux knowledge in a physical, virtual, or public cloud environment
- Exceptional verbal and written communication skills are necessary to effectively collaborate with peers, and to present and explain highly technical information to stakeholders who may have limited technical knowledge
- CISSP, CASP+, GSLC, CISM certified