Senior Product Security Engineer

Company: Wave Financial
Location: Toronto, ON, Canada
Salary: Not Provided
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior

Requirements

  • 4-6 years of experience in a Product Security role.
  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
  • Experience leading architectural changes or complex cross-team efforts to mitigate security vulnerabilities.
  • Strong understanding of: threat modelling methodologies such as MITRE ATT&CK, STRIDE, and PASTA; Amazon AWS services, MS Azure, and their capabilities; securing web applications; orchestration tools (e.g., Ansible, Terraform); automation scripting (e.g., Python, Django, etc.).
  • Experience with frameworks such as OWASP Top 10, SAST/DAST tools, and CI/CD pipelines.
  • Fluency in Python, React, and Django Rest Framework.
  • Experience with manual source code review and embedding security into code in production environments.
  • Experience with deploying application security tools in the CI/CD pipeline.
  • Experience with securing the software development lifecycle, including building programs that eliminate full classes of vulnerabilities.
  • Excellent communication and interpersonal skills.
  • Ability to work independently and within a team.
  • Strong organizational and time-management abilities.

Responsibilities

  • Perform threat modelling of application design solutions and vulnerability assessments to identify relevant risks and security gaps in product design and development.
  • Maintain documentation of security controls and processes.
  • Prepare reports on security risks and mitigation efforts for management and regulatory bodies.
  • Audit source code and perform code review for critical application changes.
  • Implement security tooling and automation to scale the Product Security team’s practices.
  • Advocate for and integrate security best practices in the Software Development Lifecycle (SDLC).
  • Conduct code reviews, penetration testing, and static/dynamic analysis.
  • Ensure compliance with industry standards (e.g., AICPA SOC2, HIPAA, PCI DSS, SOX, ISO 27001, NIST CSF).
  • Monitor and address security incidents impacting Wave products.
  • Implement and manage SOAR solutions to improve incident response times and efficiency.
  • Work with product and engineering teams on program development and software development to design and implement security controls and protections within the product via automation.
  • Integrate security tools and technologies into the CI/CD pipeline (e.g., static and dynamic application security testing (SAST/DAST), software composition analysis (SCA), and infrastructure-as-code (IaC) scanning).
  • Plan the product roadmap with key stakeholders and collaborate with cross-functional teams to develop mitigation strategies.
  • Work closely with and mentor Product, Engineering, and IT teams on security best practices.
  • Provide security training and awareness for developers and stakeholders.
  • Effectively communicate security and privacy risks and best practices to both technical and non-technical audiences.
  • Guide and influence Wave engineering teams on security matters.

Preferred Qualifications

  • Certifications such as CISSP, CSSLP, CEH, or equivalent.
  • Experience in IoT, embedded systems, or mobile app security.
  • Knowledge of regulatory and compliance standards (e.g., AICPA SOC2, NIST CSF, GDPR, HIPAA).