Senior Product Security Engineer

LinearB is a leading software engineering intelligence platform that empowers engineering teams with actionable insights and workflow automation. Our solutions help improve developer productivity and experience, enable predictable project delivery, and drive profitable engineering. Join us to be part of an innovative company driving efficiency and excellence in software development.

We are looking for an experienced and proactive hands-on Senior Product Security Engineer with DevSecOps experience to join our Security team.

This role is crucial for designing and implementing a robust, Secure Software Development Lifecycle (SSDL) process and technology stack. 

The ideal candidate will have a strong background in product security, coupled with expertise in DevOps, application security, and infrastructure management. The role also involves close collaboration with DevOps, development, and SOC teams.

Responsibilities:

• Design, build, and implement the Secure Software Development Lifecycle (SSDL) process, integrating security into all stages of the software development lifecycle.
• Develop and oversee the implementation of security tools and technologies, including SAST, DAST, SCA, SNAP, ASPM, CDR, vulnerability scanners, and Kubernetes (K8s) security tooling.
• Collaborate closely with DevOps and development to embed security practices into product development from initial design through to deployment.
• Conduct security assessments, code reviews, and vulnerability analysis.
• Automate security testing and compliance checks across cloud environments, focusing on AWS.
• Provide guidance on secure coding practices and help establish security policies and standards.
• Lead projects to completion, motivate team members, and foster a collaborative and high-performing team environment.
• Proactively identify and drive security initiatives, taking ownership and pushing boundaries to ensure the highest security standards.

• Design and implement security solutions to protect against common security threats, such as SQL injection, cross-site scripting (XSS), and authentication bypass
• Conduct threat modeling and architecture security review
• Develop and maintain secure coding standards and guidelines for application developers
• Monitor and analyze security incidents and provide timely response and resolution
• Exhibit strong self-driven learning abilities, Stay current with emerging threats, vulnerabilities, and industry best practices in application security
• Participate in security incident response activities and contribute to post-incident reviews and remediation efforts
• Deliver secured development training to developers - advantage

Requirements

• 5+ years of experience in Application Security, with a focus on building and securing software development processes and Automation Creation.
• Proven expertise in designing and implementing Secure Software Development Lifecycle (SSDL) processes and related technologies.
• Proficiency in AWS cloud environment security practices, with extensive experience in securing cloud-native applications and Kubernetes environments.
• Expertise in security tools and processes, including SAST, DAST, SCA, ASPM, CDR, vulnerability scanners, and Kubernetes security tooling.
• Hands-on experience with GitHub and GitHub Actions, including the integration of security tools within CI/CD pipelines and managing IaC security using Terraform
• Coding and scripting skills in Python, JavaScript or Bash, with a focus on automating security processes and performing code reviews to identify vulnerabilities - advantage.
• Advantageous certifications and knowledge: AWS, CISSP, Kubernetes (K8s).
• Knowledge of security standards and frameworks (e.g., SOC2, ISO 27001, GDPR) and how they apply to product security.
• Ability to lead and motivate teams, with a proactive approach to learning and driving security initiatives.

Qualifications:

• Previous experience in a product company, preferably a startup.
• Strong understanding of web application security concepts and protocols (e.g., OWASP Top 10, SSL/TLS, OAuth)
• Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP.
• Excellent communication skills and ability to effectively communicate security risks and recommendations to technical and non-technical stakeholders

LinearB Values:

• Put the Customer First
• Take Ownership
• One Team
• Show Product Expertise
• Be Data Driven
• Reach for the Next Level
• Listen Curiously & Speak Courageously

LinearB is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.