Sr. Principal Product Security Engineer, GoLang - Secureworks - (100% US Remote; Work From Home; OR Austin, TX)
Primary Location: Austin
Sr. Principal Product Security Engineer
Location: Austin, TX; Columbia, MD; Atlanta, GA; Raleigh, NC or Remote
Secureworks® (NASDAQ: SCWX) a global cybersecurity leader, enables our customers and partners to outpace and outmaneuver adversaries with more precision, so they can rapidly adapt and respond to market forces to meet their business needs. With a unique combination of cloud-native, SaaS security platform and intelligence-driven security solutions, informed by 20+ years of threat intelligence and research, no other security platform is grounded and informed with this much real-world experience. www.secureworks.com
We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.
We are looking for a Sr. Product Security Engineer with broad knowledge of software, network, and cloud technologies to provide a powerful combination of leadership, implementation, and operational support to drive the security of our new product offerings. Your focus will be on growing our DevSecOps culture, leveraging OSS security testing tools, developing new custom security testing tools, performing vulnerability analysis (including pentesting of live systems), contributing security minded designs to our product architecture, and leading our internal bug bounty program. All of this work will cover a diverse technology stack from development through production, including the latest big data platforms and technologies (e.g. AWS/GCP/Azure, Kubernetes, Docker, Kafka, Spark, and more). All of your activities will secure a platform and product suite aimed at dramatically improving the security and threat detection capabilities of our customers. You will work in a fast-paced, startup-like environment with an experienced, cross-functional team of software engineers, data scientists, security experts, and product managers to build our next generation security platform leveraging large scale data science and machine learning.
The ideal candidate will have experience conducting platform / application security reviews, driving high impact security initiatives, and working on tools to automate application insight and vulnerability identification. We aim to scale the platform and application security of our product suite through actionable recommendations to our developers and automated visibility of critical system components. These ideals require exceptional technical expertise, a sound understanding of the fundamentals of computer security, cryptography, internet protocols, and practical experience pentesting / scanning public cloud infrastructure, containers and container orchestration solutions, microservice deployments, authentication and authorization systems, and public facing web applications. This position also requires experience with continuous integration and continuous delivery as well as designing, developing, and reviewing security architectures. The ideal candidate has thrived and succeeded in securing high quality technology products/services in a hyper-growth environment where priorities shift fast.
To learn more about one of our newly launched products that you will secure and develop, explore here.
- Provide technical leadership in performing security evaluations (e.g. pentesting, code audits, fuzzing, etc.) to drive tangible security improvements of a big data platform and corresponding suite of products, applications, and services.
- To remain ahead of emerging and active threats: leverage OSS pentesting tools, develop custom offensive and defensive tools, review and apply the latest security research / threat intelligence, orchestrate the response to internal security alerts, and hunt for bad actors targeting our systems.
- Create and foster a team-wide DevSecOps culture in developing, deploying, and monitoring complex applications and core infrastructure.
- Collaborate with engineers and product managers on defining, prioritizing, and implementing new security focused improvements, enhancements, or fundamental architectural design changes.
- Kickstart and coordinate an internally focused bug bounty program.
- Serve as a security subject matter expert working with internal engineers and data scientists on developing, prototyping, and deploying new ideas to detect and mitigate threats or active attacks against our customers as part of our platform and product offerings.
- B.S. in Computer Science or a related technical field, with significant emphasis on security related topics.
- Minimum of 3 years of proven experience of application security engineering, especially involving cloud environment security controls and paradigms on AWS/GCP/Azure.
- Minimum of 3 years of experience developing, testing, securing, and reviewing significant Golang deployments.
- Minimum of 5 years of hands-on experience conducting fuzz testing, penetration testing, DAST/SAST pipelines, and source code review.
- Minimum of 5 years of relevant technical or operational experience attacking and/or defending live applications and systems.
- Adept skill to rapidly determine the severity of a vulnerability or threat and their impact on our platform and suite of products/applications.
- Knowledge of continuous integration and continuous deployment methodologies, particularly integrating security focused jobs into existing CICD pipelines (e.g. gitlab, jenkins, spinnaker, travis).
- Significant experience developing, testing, securing, and reviewing Docker container deployments.
- Graduate degree in Computer Science or a related technical field, with significant work focused on application, operating system, or network security topics.
- Prior experience working on geographically distributed teams in an entrepreneurial environment.
- Experience implementing “Security Chaos Engineering” in production environments.
- Familiarity with packet captures, network flows, log data, malware analysis, etc.
- Familiarity with deploying infrastructure as code (e.g. Ansible, Terraform, AWS CloudFormation, Google Cloud Deployment Manager, Azure Resource Manager).
- Experience with big data platforms (e.g. Hadoop, Spark, Kafka, Flink).
- Experience with distributed NoSQL databases (e.g. Elasticsearch, Athena/Presto, Cassandra/HBase/Accumulo).
- Familiarity with profilers, monitoring, and alerting services (e.g. DataDog, Statsd/Grafana, Prometheus, ELK, Prometheus).
- Familiarity with container-based orchestration and deployment systems (e.g. Docker, rkt, Kubernetes, Mesos/Marathon).
- Experience with networks, routing, VPCs, WAFs, CDNs, VPNs, cloud/software-defined infrastructure, and application security.
- Familiarity with the core concepts behind bug bounty programs, including the ability to determine target objectives and their appropriate reward levels.
Secureworks (A Dell Technologies Company) is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics. Learn more about Diversity and Inclusion at Secureworkshere.
LIPRIORITYJob ID: R072804