Delinea is a pioneer in securing human and machine identities through intelligent, centralized authorization. They are seeking an experienced Senior Product Security Engineer to provide technical leadership and execution for an industry-leading Product Security Program.
Responsibilities:
- Provide strong leadership and be a security thought leader across Delinea’s product offerings
- Gain an understanding of current product security program state and partner with the team to define future state and multi-year roadmaps
- Promote strategic direction and influence security architecture adoption in product strategy and roadmap
- Use knowledge of current product security best practices and industry trends to advise on the secure design of Delinea products and services
- Perform end-to-end security architecture reviews
- Perform Threat Modelling, assess and document product risks and/or application designs
- Participate in expanding/maturing Delinea’s S-SDLC program
- Maintain and mature Product Security tooling (e.g. SAST, SCA, DAST, ASPM)
- Conduct security and code reviews
- Provide guidance on vulnerability management best practices and assist in remediation activities
- Stay up to date on the threat landscape, current technologies, security compliance requirements, standards, and industry trends in order to help achieve cybersecurity’s goals
- Provide mentorship and guidance to other team members
Requirements:
- Bachelor's degree in Computer Science, Information Security, similar related field, or equivalent experience
- Eight (8) years of professional work experience in Cybersecurity with a minimum of five years in a Product Security role that includes Security Architecture, Threat Modeling, Secure Design, AppSec tooling, Vulnerability Remediation, or similar activities
- Well versed in current Product Security threat landscape and industry best practices
- Experience performing Threat Modeling and Product Security design reviews and incorporating them as part of SSDLC processes
- Experience in the following technologies: Cloud Security, Cryptography, Secure Design reviews and Threat Modeling, SaaS multi-tenant product architecture, REST APIs, Containers (Docker, Kubernetes, or similar), Integration of Security testing tools into development pipelines, Defect tracking (Jira, Bugzilla, ServiceNow, or similar), Source code management (ADO, GitLab, GitHub, or similar), Application security testing tools (SAST, DAST, IAST, SCA, or similar)
- Familiar with common programming languages (Python, C#.NET, etc.) and able to develop scripts for automation purposes
- Strong leadership, communication, and interpersonal skills, with the ability to influence stakeholders at all levels of the organization
- Strong analytical skills with the ability to prioritize, manage competing demands, and meet deadlines
- Strong communications skills both verbal & written with the ability to describe technical security issues in plain language
- Strong understanding of cybersecurity frameworks, risk management principles, and industry standards (e.g., NIST, ISO 27001, CIS, GDPR)
- Solid understanding of cloud security technologies including container security, serverless security, network and application security, and access management
- Software engineering and/or development experience
- Cybersecurity certifications (e.g., CISSP, CSSLP, CISM, or similar)
- Proficiency with Azure and AWS