Sr. Product Security Engineer at Sovrn
About the Team
At Sovrn, the Security team’s mission is to drive a culture where all Sovrn teams actively work together to ensure the security of our employees, data and platforms in order to empower our Publishers with services they can trust.
About the Job
Sovrn is currently seeking a Sr. Product Security Engineer to help develop and implement product security policies and controls. You will work with other members of the security team along with the product development teams to institute secure development practices. The right candidate will rely on a broad skill set across multiple technologies and will have a passion for security. The goal of Security Engineering is to empower our product and development teams to create secure platforms through education and automated testing. This role is a key participant in building a culture of collaborative partnership across software, data, reliability, and quality engineering teams.
What You’ll Be Doing:
- Manage platforms to surface product vulnerabilities and work with the teams to remediate
- Coordinate training for security awareness and secure SDLC processes
- Implement security processes and tools for risk reduction and mature our product security
- Conduct threat modeling exercises with the product teams to surface issues before and after
- Work with QA to automate detection and notification of issues with code
- Participate in all product inceptions to ensure security measures are being considered from the beginning
- Participate in product prioritization meetings to champion security initiatives
- Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks
- Coordinate and perform secure SDLC awareness and training activities
- Participate as a member of the Sovrn Security Champions Program
- Maintain and publish security-focused KPIs
- Support Enterprise Compliance Program and Customer Success Teams as needed
- Partner with the organization to provide automated deployments of architected solutions
- Provide technical and architectural/vision alignment guidance to and mentor junior team members
You are a self-starter and able to get the job done without direct supervision. You enjoy being part of a collaborative team but are also independently responsible. Technical challenges and solving problems with your team to make better software get you excited. You are comfortable in an educating role that outwardly evangelizes security to all levels within the organization. You are a firm believer that the engineering team owns the quality of the product, and you design with this in mind. You work to automate all the things so you can spend more time on what matters most. Above all, you are security minded and excited about technology with a curiosity to learn.
The successful candidate will have:
- Ability to lead problem definition, solution designs, and define implementation work plans
- Professional working experience in an automation engineering role
- Understanding of DevOps and Reliability Engineering practices
- Experience with cloud technologies (AWS, GCP, Azure)
- Experience with automation configuration tools (Ansible, Puppet, Chef, etc.)
- Experience deploying cloud services, monitoring, alerting, and handling critical issues
- Industry recognized professional certification(s) such as CSSLP, CASE, etc.
- Strong understanding of fundamental application security concepts (OWASP, etc.)
- Must be able to coordinate with teams to implement processes
- Ability to understand and translate compliance obligations into technical solutions
- Ability to promote and demonstrate the value of building secure environments
- Quickly establish trust and rapport with key stakeholders
- A creative yet analytical mindset with problem-solving skills
- Excellent communication and collaboration skills
- Ability to understand business domains and translate to security services
- Passion for security
- Recent experience in a development role
- Experience with Agile/JIRA
- AWS Security Fundamentals, GCP Associate Cloud Engineer (or equivalent)
- CompTIA Security+, Network+, A+
This position reports to: VP, Technical Operations
Location: Boulder, Colorado
We understand that no candidate is perfectly qualified for any job. Experience comes in different forms; many skills are transferable; and passion goes a long way. Even more important than your resume is a clear demonstration of accountability, impact, and the ability to thrive in a fluid and collaborative environment. We expect you to learn new things in this role, and we encourage you to apply if your experience is close to what we're looking for.
Sovrn provides products and services to thousands of online publishers to help them understand, operate and grow their business. Sovrn is headquartered in Boulder, Colorado, with offices in New York, San Diego and London.
With thousands of customers deploying advertising, affiliate marketing, and data products across 40,000 websites, Sovrn reaches over 300 million active consumers across more than 11 billion pageviews every day. Sovrn has been a leader in online publisher technology since its founding and has been recognized by IAB, JICWEBS, and TAG for its role in combating fraud and promoting pro-transparency initiatives. Sovrn is dedicated to helping content creators do more of what they love, and less of what they don't.
Sovrn Core Values: Candid, Customer Empathy, Learning, Scrappy, Second Order Thinking
Compensation and Benefits
In accordance with the Colorado Equal Pay for Equal Work Act, the approximate compensation range for this role in Boulder, Colorado is $125,000 to $160,000, including base salary and any related bonuses or commissions. Final compensation for this role will be determined by various factors such as a candidate's relevant work experience, skills and certifications.
Sovrn offers a full slate of benefits from competitive salaries, stock options, medical, dental and vision coverage, short and long term disability, life insurance, 11 paid holidays, flexible vacation, commuter benefits, a 401(k) plan and match, and a paid parental leave program.
Equal Opportunity Employer
Sovrn is proud to be an Equal Opportunity Employer and provides equal employment opportunities to all employees and applicants regardless of race, color, religion, gender, gender identity, age, national origin, disability, parental or pregnancy status, marriage and civil partnership, sexual orientation, veteran status, or any other characteristic protected by law. Reasonable accommodations will be made to meet the requirements of the Americans with Disabilities Act and will be provided as requested by candidates taking part in all aspects of the selection process.
Sovrn does not accept agency resumes. Please do not forward resumes to our jobs alias or Sovrn employees. Sovrn is not responsible for any fees related to unsolicited resumes.