Job Details

Product Security Engineer

Puppet, Inc., Portland, OR (Remote)

Job - Technology

Close Date: 01/31/2020

Hi, I’m Mike Hall, Sr. Director of Engineering at Puppet.

I’m looking for a Product Security Engineer to join our team to assess and strengthen our secure product development process, ensuring Puppet products maintain the highest levels of security. At Puppet, security is deeply embedded in our DNA, and you’ll help us continue that tradition as we develop a disruptive offering still in its early stages.

Performing broad architectural reviews on our products to identify current risks, you will be responsible for advising product teams on how to better incorporate security into their coding and testing. As the leader of a security community of practice, you will help change mindsets toward security through education and creation of a developer training program. You will also work with third-party security firms to audit our products, manage pen tests, and chart a course for security compliance for Federal customers.

Meaningful work you’ll contribute:
Responsible for all aspects of developing secure on-premises and SaaS applications, including:
Puppet’s internal product standard for secure development, from threat modeling and security risk assessments to security testing and release authorization;
Awareness and security development training;
Security vulnerability assessment, prioritization and response.
Partner with product development leads to identify and implement best practices that ensure application security and data protection are incorporated into all customer-facing product offerings.
Develop a security community of practice, driving accountability for security into every development team.
Provide security recommendations as a subject matter expert for development teams during discovery and design phases of development.
Validate vulnerability resolutions and ensure security requirements are observed prior to releases.
Serve as a point of contact for product security at Puppet.
Work with the Enterprise Security team to track and manage product security risk, and assist in developing and delivering risk assessments both internally and externally.
Stay current on security industry trends, attack and response techniques, and security tools.
You are:
A team player. You are a top-level community builder across groups inside the company and across the industry.
Entrepreneurial. You proactively identify challenges & opportunities.
Scrappy and self-directed. You are skilled at autonomously driving projects in a startup environment with minimal guidance and limited resources while having a ton of freedom and creativity to continue moving forward. You roll up your sleeves and drive execution and results.
Resilient. You create a constructive and safe environment, breaking down barriers to speed up the cycle of change.
Accountable. You identify team, group, and company-wide areas of risk and mitigate them.
Honorable. You bring forward hard questions with respect and integrity for all parties, while fostering an environment that encourages others to do the same.
Valuable experiences and skills you’ll bring to Puppet:

You have delivered on security requirements for both on-premises and public cloud applications.
You have experience driving the adoption of security practices and initiatives across multiple product teams.
You have expertise and experience conducting threat modeling of services and applications across a diversity of products, with specific experience in SaaS applications.
You have experience coding in one of the following languages: JavaScript, Go, Ruby, or Clojure.
You have a thorough understanding of enterprise software development and infrastructure processes and lifecycle.
You possess full-stack knowledge of IT infrastructure: applications, databases, operating systems (Windows and Linux).
You are an effective communicator adept at delivering the right message to audiences of all levels, and able to translate complex technical security matters into business terms.
You have expertise with common security testing methodologies.
You use and understand distributed version control systems such as git.
You excel at working in a self-directed capacity, with a strong record of goal achievement in a security role.
Bonus, but not required (shout about it in your application if you have experience):

BA or BS degree
Visa Sponsorship

Please note, this position is not eligible for visa sponsorship.
