Job Title – Product Security Engineer, Staff / Sr. Staff
Job Location : Bangalore
Today, there’s more data and users outside the enterprise than inside, causing the network perimeter as we know it to dissolve. We realized a new perimeter was needed, one that is built in the cloud and follows and protects data wherever it goes, so we started Netskope to redefine Cloud, Network and Data Security.
Since 2012, we have built the market-leading cloud security company and an award-winning culture powered by hundreds of employees spread across offices in Santa Clara, San Francisco, Seattle, Bangalore, London, Melbourne, and Tokyo. Our core values are openness, honesty, and transparency, and we purposely developed our open desk layouts and large meeting spaces to support and promote partnerships, collaboration, and teamwork. From catered lunches and office celebrations to employee recognition events and social professional groups such as the Awesome Women of Netskope (AWON), we strive to keep work fun, supportive and interactive. Visit us at Netskope Careers and follow us on Twitter @Netskope and Facebook
Within Netskope Engineering department, Security Services organization is responsible for building core security products and features, such as Data Loss Prevention, Malware and Threat Prevention, Cloud Confidence Index, Breach and Anomaly Detection. The organization is also responsible for ensuring Netskope’s own software and cloud services meet the strictest security standard. We are looking for a passionate product security engineer to work on this important initiative. A successful candidate has track record of creating and working with strong nimble product security team and running successful product security programs in medium to large engineering organizations. He or she will partner with all engineering teams, operation team, product management team and CISO organization to ensure secure product development lifecycle.
- Define security best practice for software development and cloud service deployment. Collaborate with PMO team to integrate it into SDLC.
- Perform threat modeling, design reviews, peer code reviews and privacy review as part of the secure development lifecycle.
- Work with development teams to fix product security issues.
- Assist and help engineering teams to build capabilities in secure code review , security testing, fuzz testing, and advanced developer testing capabilities.
- Support Engineering team with secure design, secure coding, security testing and SAST and DAST tool usage.
- Building POCs and tooling for engineering and QA/QE for security testing.
- Drive Security education and awareness for engineering organization.
- Development, publication, and maintenance of secure development standards, guidelines, patterns, as well as working with engineering peers to adopt the publications
- Support and assist the adoption of CI/CD/CS pipelines and DevSecOps implementation.
- Bachelor’s of Science degree in an Engineering discipline; Master’s preferred or equivalent work experience
- 8+ years of Product/Application security, penetration testing, security operations experience in highly diversified and high growth organizations.
Preferred Technical Skills
- Excellent programming experience (design, coding & debugging) and secure code review skills.
- Familiarity with the leading tool-sets including continuous penetration testing, automation, and SAST/DAST tools (Veracode, Coverity, Zap, Burp, SonarQube etc).
- Experience and knowledge of penetration testing methodologies and tools.
- Experience building security communities across engineering teams through evangelism and training programs.
- Thorough understanding of OWASP Top 10 and their mitigation.
- Excellent Secure Software Concepts - security implications in software development.
- Incident management, including analysis and response
- Certifications in security and privacy demonstrating deep practical knowledge such as ISC² CSSLP, CISSP or CSSP, SANS Secure Software Development, CompTIA Security+, CEH, OSCP
- Effective communication (internal, customer, legal counsel), collaboration (internal, external) and effective written skills (white papers, vulnerability specifications etc.)
- Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project stakeholders