Product Security Engineer
Greater Denver Area
About SRS Acquiom
At SRS Acquiom, our sole focus is on making M&A deals happen more efficiently. Since 2007, we have been continuously innovating to solve issues for some of the industry’s most sophisticated buyers, sellers, and counsel. Our top-tier team has supported more than 2,000 deals including high-profile transactions such as Google’s acquisition of Nest, Facebook’s acquisition of Oculus and Yahoo’s acquisition of Tumblr. We are looking for extraordinary people to help drive our continued success. If you are looking to join a growing, entrepreneurial environment in an established company, we want to hear from you! Visit www.srsacquiom.com to learn more.
We are looking for an experienced, innovative Product Security Engineer to work with our product engineering group to help build and deploy secure products for our customers.
As a Product Security Engineer, you'll be working directly with our Director, Application Security and Compliance and closely with our Director, Software Architecture to mature a Secure Software Development Lifecycle, train developers in secure practices, work with our DevOps automation team to scale security, and innovate new ways to help developers secure themselves.
We expect you to play a major role in protecting SRS Acquiom products against security risks and to protect our customers’ data. We require that you understand how to assess a product’s security profile, apply your extensive experience, and contribute immediately in this critical area.
- Perform reviews (threat models/code reviews/penetration tests) against SRS Acquiom’s products.
- Share root cause analysis information with our engineering teams to ensure we’re educating our engineers about common security pitfalls and how to avoid them
- Perform security assessments on our internal services and partner SaaS platforms
- Communicate risks and best practices to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns
- Conduct research to identify new potential attacks against our products and services.
- Take part in daily stand-up meetings, Scrum or other daily activities with the product engineering teams
- Assist with advanced troubleshooting and problem solving related to security concerns for both product delivery teams and production support as required
- Create and maintain appropriate product and platform security documentation
- Act as an ambassador for the secure development lifecycle within SRS Acquiom
- Create secure development processes for our engineering teams and external developers
- Track and validate issues detected during internal reviews
- Prioritize issues using CVSS or similar vulnerability scoring system
- Understand all the components of the SRS Acquiom platform, our products and interactions/interfaces with external and internal solutions.
- BS in information security, information technology, computer science, computer engineering, or equivalent degree.
- 4+ years of experience in security testing of web applications and API-based services
- Experience implementing dynamic and static security tools.
- Experience performing threat models.
- Experience performing code reviews and penetration tests.
- Excellent listening skills and an open mind for new ideas.
- Must display strong communications skills – both verbal and written.
- Commitment to sharing experiences and good security practices with the community.
- Experience working with agile teams and development methodologies
- Ability to review developers’ work, evaluate compliance with security frameworks and provide feedback
- Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.
- Experience with Object Oriented Programming (OOP) with preferred knowledge of Angular and/or PHP
- Knowledge of authentication mechanisms like SAML, OAuth, etc.
- Current security training or certifications such as SANS GWAPT or similar preferred
- Experience with OATH/SAML preferred
- Experience in Financial and/or Fin Tech organizations preferred.
- Experience with CI/CD process and toolsets (e.g., Ansible, Travis) preferred.
A few benefits our employees enjoy
- Comprehensive benefit plans (medical/dental/vision) starting on day 1
- 401(k) with 4% matching
- Discretionary time off
- Fitness credit
- Several pre-tax plans (dependent care, transportation, flexible spending)
- Transportation reimbursement
- Benefits reimbursement