Product Security Engineer – Fedramp – Infosec
| Company | Palo Alto Networks |
|---|---|
| Location | Santa Clara, CA, USA |
| Salary | $Not Provided – $Not Provided |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Mid Level, Senior |
Requirements
- 1+ years of hands-on experience in cybersecurity in general
- 2+ years experiences in application security, pen test, security benchmarks, and automation
- Security tooling and best practices, such as pre-commit/pre-receive hooks, dependency scanning, SAST, IAST, OSS, DAST, RASP, and vulnerability management
- Experienced on Security tools benchmarking and fine tuning
- Basic understanding of AI/ML security concepts, including adversarial attacks, model poisoning, and data privacy
- Familiarity with industry security standards and best practices (e.g., OWASP, NIST, ISO)
- Integration, design, and architecture of AWS and/or GCP services into IAM platforms
- Microservice architecture expertise and best practices in securing APIs across multi-cloud environments
- Effective written and oral communication with multiple levels of leadership involving both the business and technical sides of the business
- Bachelor’s degree from four-year college or university or equivalent training, education, and experience in information / cyber security, computer systems, IT, etc. or equivalent military experience required
Responsibilities
- Build next gen Appsec technologies with automation into complex engineering CI/CD pipelines
- Protect application security throughout the life-cycle in the cloud (GCP & AWS) and on the premise
- Build risk driven intelligent automation to optimize SAST, SCA, OSS, DAST, Infra as Code (IaC), RASP integrations with advanced tooling integration
- Evangelize and lead the adoption of SDLC and security best practices across the entire application lifecycle
- Contribute to the security assessment and mitigation strategies for AI/ML models and applications
- Define and implement security tooling with the goal of improving coverage and time to action
- Participate in the design and implementation of secure software development processes, including secure coding practices, security testing, and vulnerability management
- Improve security reporting, including coordinating vulnerability management, penetration testing, and infrastructure compliance
Preferred Qualifications
-
No preferred qualifications provided.