Job Description
We are seeking a highly skilled and motivated Product Security Engineer to join our dynamic team. The ideal candidate will have a strong background in secure software development, threat modeling, vulnerability management, and incident response. As a Product Security Engineer, you will ensure our products are secure, comply with industry standards, and meet client security expectations.
What you'll do:
Promote Secure Development Practices
Implement secure development practices in line with Microsoft Secure SDLC.
Guide development teams on secure coding standards and best practices.
Conduct threat modeling to identify security threats.
Perform risk assessments to evaluate and mitigate risks.
Hardening the software development process
Review static and dynamic code analysis.
Perform internal penetration testing and security audits.
Manage automated security testing tools (SAST and DAST).
Review cryptographic controls for industry standard alignment.
Assist in identifying, analyzing, and prioritizing product vulnerabilities.
Coordinate remediation efforts in a timely manner with relevant teams.
Incident Response & Compliance Support
Respond to and manage security incidents and breaches.
Investigate root causes and implement preventive measures.
Provide documentation and support for audits and compliance (e.g., SOC-2, GDPR).
Assist with client security and compliance requests.
Manage and monitor Web Application Firewall (WAF) changes.
Report on vulnerabilities, security status, and incident response activities.
What you'll bring:
Bachelor’s degree in Computer Science, Information Security, or a related field.
Proven experience in secure software development.
Strong knowledge of secure coding practices and standards.
Experience with threat modeling and risk assessment.
Proficiency in static and dynamic code analysis.
Hands-on experience with security testing tools (SAST, DAST).
Familiarity with cryptographic controls and industry standards.
Excellent understanding of vulnerability management.
Experience in incident response and root cause analysis.
Knowledge of compliance standards (e.g., SOC-2, GDPR).
Strong analytical and problem-solving skills.
Excellent communication and teamwork abilities.
Preferred Skills and Qualifications:
Relevant certifications such as CISSP, CEH, OSCP, or similar.
Knowledge of SOC-2, ISO-27001 and PCI
Experience in cloud security and with cloud providers (e.g., AWS, Azure, GCP).
Experience managing Web Application Firewalls (WAF).
The Company:
Absorb Software is a remote-first company offering online training solutions to leading organizations globally. As a cloud-based learning management system (LMS), we're engineered to inspire learning and fuel business productivity. We're passionate about empowering learners to enrich their lives, workplaces, and communities.
Our Core Values:
- Achieving exceptional results by genuinely caring about each other and our work.
- United growth through a commitment to elevating continuous learning.
Absorb celebrates diversity and is committed to creating an inclusive environment for all members. All employment decisions are based on business needs, job requirements, and individual qualifications. Successful candidates will undergo pre-employment screening, including a criminal record check, and must show proof of legal eligibility to work in the applied country without sponsorship.
For any accommodations during the recruitment process, please indicate this on your application. We're dedicated to meeting your accessibility needs. For inquiries, please contact us at accessiblecareers@absorblms.com .
#J-18808-Ljbffr