Product Security Engineer II



Posted on Friday, May 17, 2024

Precisely is the leader in data integrity. We empower businesses to make more confident decisions based on trusted data through a unique combination of software, data enrichment products and strategic services. What does this mean to you? For starters, it means joining a company focused on delivering outstanding innovation and support that helps customers increase revenue, lower costs and reduce risk. In fact, Precisely powers better decisions for more than 12,000 global organizations, including 99 of the Fortune 100. Precisely's 2500 employees are unified by four company core values that are central to who we are and how we operate: Openness, Determination, Individuality, and Collaboration. We are committed to career development for our employees and offer opportunities for growth, learning and building community. With a "work from anywhere" culture, we celebrate diversity in a distributed environment with a presence in 30 countries as well as 20 offices in over 5 continents. Learn more about why it's an exciting time to join Precisely!

Intro and job overview:

Join our global Product Security team as an Application Security Specialist, leading key internal security programs across our diverse portfolio of 100+ products.

We are looking for someone to collaborate across our network of Security Champions within Engineering and with our SRE, Pipeline, Cloud and Ops teams, covering our SaaS and Hosted solutions as well as our On Premise products.

Your role will help teams deliver threat models, drive security best practices, and advise on the latest security threats, trends and remediations.

You will integrate with our internal pen testing and red teaming activities, where experience in such fields, including bug bounty programs, will be useful.

This is a role with many opportunities for growth and specialization.

Responsibilities and Duties:

  • Drive key internal security programs across our portfolio of products.
  • Consult on security best practices across our Engineering, Cloud, SRE, DevOps and Product management groups to achieve end-to-end security for our products.
  • Lead creation of product threat models and risk assessments.
  • Aid in automating security testing to ensure common compliance with internal standards.
  • Review and advise on security tooling usage and configuration across the product lifecycle.
  • Conduct trend analysis on results from security tools such as SCA, SAST, DAST, CSPM and Container Runtime Security tools, to provide unified solutions and guidance.
  • Research and review the latest security tools and techniques to deliver security and business value.
  • Assist our penetration testing team with reconnaissance and guidance towards potential application weaknesses to focus testing efforts.
  • Develop internal security standards and policies.
  • Develop and promote internal security training.
  • Maintain awareness of the latest security trends and zero-day findings.

Requirements and Qualifications:

  • 4/6 years minimum of Security Experience Required.
  • Proven leadership skills that demonstrate your ability to deliver results across an organization.
  • Proven experience of working across a wide range of application security programs and tools including SCA, SAST, DAST and beyond.
  • Experience of security testing web and non-web applications.
  • Proven understanding of application architectures, designs, and the tech stacks involved.
  • Cloud-based security knowledge and the related attack vectors (AWS preferred, Azure / GCP of value).
  • Kubernetes related security and attack vectors (or other container-based deployments) useful.
  • Experience of DevSecOps and the common vulnerabilities / weaknesses within the software delivery pipeline.
  • Experience with scripting and automation (Python, Bash, PowerShell, workflow engines or other automation systems).
  • Awareness of OWASP, SANS and MITRE ATT&CK frameworks.
  • Demonstrated ability to mentor others.
  • Demonstrated excellence in English communication skills in a stakeholder facing environment.
  • Experience working within an agile scrum team desirable.
  • Must be self-directed, resilient, and creative.
  • Knowledge of FedRAMP requirements and processes advantageous.
  • Software Engineering background useful.
  • CISSP, CSSLP and other similar certifications beneficial.
  • Full agile scrum working experience a benefit.

It is a requirement for all roles at Precisely to adhere to applicable data privacy and security laws, rules, regulations, and company policies. For more information about Precisely’s privacy practices, please see our Privacy Notice: