Senior Product Security Engineer

Company: Davita Inc.
Location: Pleasanton
Closing Date: 25/10/2024
Salary: £150 - £200 Per Annum
Hours: Full Time
Type: Permanent
Job Requirements / Description

Overview

Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the understanding and management of experience for candidates, customers, employees, patients, citizens and residents.

We are more than a software company. We want to be known as a company that does the right thing, no matter the challenge or controversy. We are committed to creating a culture that values every person and every experience. Individual life experiences shape the way we interact with the world, which is why we encourage people to bring their whole selves to work each day. The strength of our global workforce is the most significant contributor to our success.

We believe: Every Experience Matters. Talent is Everywhere. All Belong Here.

At Medallia, we hire the whole person.

The Role and Team

At Medallia, the Product Security team's mission is to build customer trust in Medallia's products by setting the standards and principles for secure development and validating our security through continuous assessment.

This Product Security role is crucial for maturing our security program within the development lifecycle of our product portfolio and offers tremendous growth opportunities at a security-conscious company on a high growth trajectory. As Medallia becomes a trusted partner to organizations across the globe and spanning several industry verticals, it is more important than ever that we continue to stay a step ahead in securing our applications, services and data.

The Senior Product Security Engineer role will work closely with our global engineering teams and ensure that we build secure and robust software in the world of SecDevOps and Agile. We are looking for a candidate who is passionate about security, has a strong technical background and loves creating innovative solutions to challenging problems.

Responsibilities

  • Perform application security assessments, including architecture review, threat modeling, code review, penetration testing, and bug bounty triage, on both web and mobile (iOS, Android, and React Native) platforms.
  • Assist and enable engineering teams to adopt secure development practices.
  • Provide software security advice to cross-functional teams including product, engineering, and services.
  • Create and refine the Security Champions Program to align with Medallia's security goals and objectives.
  • Apply extensive development experience to write automation scripts, conduct in-depth code reviews, identify and address security vulnerabilities, and integrate security features into the application lifecycle.
  • Work closely with engineering and product teams to drive security issues to resolution.
  • Develop and mature software security guidance including training materials, best practices, secure development standards, etc.
  • Automate security testing at scale by building and implementing static analysis (SAST), dynamic analysis (DAST), and SCA tools, and by integrating security into the software development lifecycle through the CI/CD process.
  • Employ knowledge and deep understanding of the threat landscape, SaaS industry, and customer feedback to drive the pipeline of impactful security features.

Qualifications

Minimum Qualifications:

  • 4 years of experience with software security assessments and remediation in Java (or other object-oriented languages).
  • Demonstrated experience in at least two of the following areas: architecture review/threat modeling, penetration testing, and static code analysis automation.
  • Demonstrated experience with tools and technologies used throughout secure SDLC (e.g., Checkmarx, Fortify SCA, Coverity, AppScan Standard/Enterprise, WebInspect, Netsparker, Burp Suite, Nessus, etc.).
  • Have set up or supported bug bounty programs.
  • Advocated for security within teams by clearly articulating security risks and mitigation strategies, ensuring that security considerations are prioritized in product development and operational processes.
  • Developed comprehensive security documentation, including threat models and security coding practices. Ensured documentation was clear, accurate, and useful for both technical and non-technical stakeholders.

Preferred Qualifications:

  • 5+ years of experience with software security assessments and remediation in Java (or other object-oriented languages).
  • Independent problem-solving capabilities and excellent communication skills.
  • Drive to take ownership of projects and drive resolution without close supervision.
  • Proven ability to work collaboratively across and within teams.
  • CISSP or CSSLP certification.
  • Knowledge of OSS scanning tools like Black Duck, SRC:CLR, Defensics, Snyk.
  • Knowledge of Node.js or any modern JS framework (such as React.js), or experience with native mobile development. Knowledge of popular web development frameworks (AngularJS, React, Redux, Velocity, StringTemplate, jQuery, Jackson, THRIFT, etc.).
  • Proficiency with Python, Ruby, or other scripting languages.
  • Knowledge of microservices architecture and containers.
  • Experience working in a compliance-focused environment. Knowledge of FedRAMP (Federal Risk Authorization Management Program) and FISMA (Federal Information Systems Management Act).