Lead Product Security Engineer - Sheridan, United States - Cox Automotive

Description

The

Lead Product Security Engineer

holds an engineering leadership role that drives the development of process and automation solutions around our application security tools. This individual will guide the team to contribute to these initiatives with quality in mind.

They will also guide technical and security engineering discussions within the team, and will be seen as an authority on secure coding, secure infrastructure, and secure design best practices.

They will help to imagine and shape the systems and process flows on incorporating security organically into the engineering teams' day to day workflows.

This engineer will work with AWS and other cloud technologies as well as a variety of commercial and open source security products and frameworks.

While this is an individual contributor role, you'll be involved in many aspects - help evolve our existing architecture, reduce complexity, work with engineering teams to improve operations, and implement and operationalization new security tooling, as needed.

Beyond automation of onboarding or usage of our application security tools, we strive for continuous improvement of processes and the integration of best practices.

We're looking for someone who has an interest in application security, cloud technologies and a passion to help the organization create secure-by-default world-class software.

Key Responsibilities:

Reporting to the Product Security Director, serves as a member of the Product Security Engineering teamWorks with partner engineering teams to create applications and services that align to the Pproduct Ssecurity mission and goals and in order to create a paved roadLeverages technology (tools, capabilities, processes) to level up software engineering teams' secure coding practices and knowledgeOperationalizes off the shelf application security tools to help engineering teams build, deploy and deliver secure softwareProvide situational white glove service to critical business engineering teamsMust be able to help engineering teams fix application security defects using a variety of technology stacksPromotes incorporation of security processes and practices to make security an organic part of a declarative pipeline model (e.g.

CICD practices)Communicate process and tool automation improvements to the Product Owner and Product Manager, as opportunities and repeating concerns are observedHelps define the team's tasks and objectives, based on continuing analysis of service requestsCreates automation solutions to support tool administration and operationConsistently exhibits a positive attitude and desire to help the team to succeedDesign and build monitoring systems for developed automation applications and servicesParticipate in On-call rotation with the team (once every 3-4 weeks)Consistently meets or exceeds predefined support and services Service Level Objectives (SLOs)Executes tasks with minimal supervision


Qualifications:
Bachelor's Degree; (preferably Computer Science or Cybersecurity) and 6 years' experience in a related field.

The right candidate could also have a different combination, such as a master's degree and 4 years'; or a P.h.

D. and 1 year of related experience; or 18 years' experience in a related field.

Proven and demonstrable experience building software applications with technologies like C#, JavaProven and demonstrable experience with front end or Javascript frameworks like Typescript and Node.

jsExperience designing and implementing security solutions and processes around application security toolsExperience administering, maintaining and supporting application security tools and servicesExperience with at least 3 areas of the following application security areas and tooling:
cloud, application code, mobile applications, and API.Strong cloud infrastructure experience, preferably AWS and AzureSolid understanding of DevOps - automated deployments and release orchestrationSolid understanding of containers and microservice architectureA solid understanding and knowledge of the latest cybersecurity threats, current best practices, and related softwareExcellent communication, interpersonal and teamwork skillsStrong analytical and problem solving skillsExcellent attention to detail


Preferred:

Master's in Cybersecurity or equivalent experienceThreat modelingFundamental understanding of modern cloud architecture (containerization, databases, message queueing, events, etc.)Familiarity with Infrastructure as Code technology such as TerraformAn understanding of deployment methodologies like Blue/Green, Canary, etc.

Familiarity with various Cloud monitoring tools (Cloudwatch, New Relic, Splunk)Familiarity with networking and network securityFamiliarity with Cloud security toolsExperience with scalable networking technologiesFamiliarity with standard IT security practices such as encryption, certificates, and key managementMinimum 1 year of mobile application development experienceWorking knowledge of infrastructure technologies such as OS (Linux and Windows), Network, Database, Server, Storage etc.

Comfortable with build and deploy toolsExperience managing, building, debugging and deploying Docker containers and microservice architectureExperience in a consulting, services, or platform engineering role

USD 117, ,500.00 per year


Compensation:

Compensation includes a base salary of $117, $195, The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities.

Position may be eligible for additional compensation that may include an incentive program.


Benefits:

The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members.

Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, parental leave, and COVID-19 vaccination leave.

About Cox Automotive

At Cox Automotive, people of every background are driven by their passion for mobility, innovation and community.

We transform the way the world buys, sells, owns and uses cars, accelerating the industry with global powerhouse brands like Autotrader, Kelley Blue Book, Manheim and more.

What's more, we do it all with an emphasis on employee growth and happiness. Drive your future forward and join Cox Automotive today

About Cox

Cox empowers employees to build a better future and has been doing so for over 120 years.

With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all.

Ready to make your mark? Join us today

Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO).

For more details on what benefits you may be offered, visit our benefits page .

Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.

Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.

Statement to ALL Third-Party Agencies and

Similar Organizations:
Cox accepts resumes only from agencies with which we formally engage their services.

Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility.

Cox is not responsible for any fees or charges associated with unsolicited resumes.
#J-18808-Ljbffr