Job Type: Full Time
As pioneers in audio and video technology, we at Poly uniquely understand the power of human connection. We've seen it drive innovation, solve problems, inspire action and power productivity. We are bringing together our portfolio of high-quality, proven products and services to connect people to what matters most, whether it's their colleagues, customers, playlists or favorite games. Together, our technology will keep that connection strong and fuel a future of collaboration and understanding, in spite of circumstances, distance or time zones.
The Senior Product Security Engineer works with a variety of engineering teams including product development, SQA, product and program management, technical documentation, product compliance and support throughout the software development lifecycle (SDLC). As an advocate for customer trust, you will drive and contribute to a broad range of security-related activities which improve the security posture of our products and services.
You are a key influencer contributing significantly to architecture and application security reviews, development of security requirements, test cases and guidelines as well as application security testing, security code reviews, and ongoing security assessments.
- As a technical subject matter expert, evangelize application security throughout the product delivery process by working closely with the product and services engineering teams to drive adoption of internal security, privacy, and relevant compliance initiatives related to the development and delivery of products as well as cloud-based applications and services to our customers.
- Conduct regular security assessments, attack surface analysis, 3rd party security vulnerability assessments, static application security testing and security code reviews across a wide variety of products including cloud-based services and services delivery to customers to verify that security controls have been implemented correctly.
- Assist the product and services engineering teams in the interpretation and remediation of results of penetration testing and vulnerability assessments and common software security weaknesses.
- Define and contribute to the development of product security policies, standards and guidelines related to product and cloud security.
- Understand the Unified Communications threat landscape and interact directly with enterprise architecture, engineering, development, and quality teams to help them understand, avoid, and mitigate security issues while ensuring alignment between the security and enterprise architectures.
- Work with engineering, development, penetration testers and extended teams to implement new security technologies and processes, including the evaluation and recommendation of security controls, mitigation strategies and tools.
- Conduct security research to stay abreast of emerging security threats and industry best practices and advise the organization of potential risks and threat mitigation techniques.
- Proven track record and experience in performing software security assessments including vulnerability assessments, penetration testing, device hardening with a deep understanding of injection, cross-site scripting and web session management vulnerabilities.
- Degree in Computer Science, Information Security, Information Technology or equivalent professional experience with 5+ years of experience in the software development life cycle (SDLC)
- Experience in, and 5 plus years of technical knowledge of, network, system, and/or web application attacks and mitigations, and authentication and security protocols with a solid understanding of threats, vulnerabilities, risks, defenses, security principles and policies.
- 5 plus years of experience with security assessment technologies and analysis tools.
- Experience with secure coding techniques, static application security testing and security code reviews.
- 1+ year of programming experience in any language.
- Ability to communicate security and risk-related concepts to technical and non-technical audiences including executives and business stakeholders with the ability to lead and coordinate discussions.
- Experience with DevOps practices to ensure that security and privacy are considered and integrated into the build, test, and deploy cycle.
- Experience with one or more data security standards: Common Criteria, FIPS, ISO, PCI, HIPAA, FISMA, etc.
- Experience with threat modeling and attack vector analysis a plus
- Experience with incident response
- Experience with integration of automated security analysis tools with the SDLC
- Cloud or web applications and embedded (Linux or Android) product development experience a plus
- Microsoft Azure or Amazon AWS experience a plus
- Knowledge of scorecarding and metrics reporting