Lead Product Security Engineer
Job Locations CZ-Prague | RO-Bucharest Requisition ID 2021-57419 Category Research & Development
What's the role?
With each month, the HERE platform continues to expand not only on the features that our services offer, but the set of services offered to our customers. Alongside this growth, we are absolutely unwilling to waiver on our commitment to securing our services and the data hosted on our platform. This creates an interesting challenge: how do you enable a company to grow quickly without taking on additional security risk ? HERE is heavily investing in quite a few efforts in this area, and we want to highlight one that we believe is having a huge impact: Shifting Security Left.
To ensure security is not a bottleneck for rapid feature releases and product growth, we’ve increased investment in automated security tooling that can plug into our product development pipelines. At HERE, we are in the process of migrating products to Gitlab Pipelines for our Continuous Integration and Continuous Delivery (CICD) development process.
The role
As our Principal Product Security Engineer you are technical focused and enabling HERE to continue to rapidly scale a wide array of products while maintaining the high level of security our customers expect. You will join a small geographically dispersed team of engineers who focus on ensuring products that reach production have gone through rigorous security checks through automated means, from the first line of code to the final configuration of deployment infrastructure. To be successful in this role you need to be a security evangelist as well who knows that a high security standard will coexist with rapid product development.
Main Responsibilities
- Develop easy security integrations for development teams to adopt in their build, test, and deploy pipeline(s)
- Use explorative data analysis to identify any gaps and high impact areas to focus new security efforts on
- Be a security evangelist to the developer community who promotes not just our security tooling but industry security topics as well
Who are you?
- Ability to communicate security objectives and topics both in spoken and written word to a variety of audiences; from non-technical business objects through to security experts
- 5+ years experience of securing a variety of software and system
- A capable software engineer who is comfortable using scripting languages (Python, Ruby, Bash, etc) to develop extendable automation
- Comfortable with writing tests in any CICD pipelines
- Understand modern deployment software deployment architectures to include cloud services and container orchestration.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
