At SmartBear, we deliver the complete visibility developers need to make each release better than the last. Our award winning and industry favorite tools TestComplete, Swagger, Cucumber, ReadyAPI, Zephyr are trusted by over 16 million developers, testers, and software engineers at 32,000+ organizations – including world-renowned innovators like Adobe, JetBlue, FedEx, and Microsoft.
Lead Product Security Engineer
- This position will be an advocate for security throughout the product and engineering processes defining security expectations, verifying security controls, and providing training and awareness.
- You will have the opportunity to work with product and engineering leaders to identify security weaknesses and security features that will help protect customers and drive customer adoption of SmartBear products
- You will work with a variety of languages including Go, Java, Node.js, React JS, Ruby, Python, and many more leveraging the latest tools designed and built in the cloud.
The Product Security team covers over 25 existing products with more on the horizon. The collection of products range from home grown to acquired products creating complex and challenging processes allowing for expanded growth and learning opportunities every day.
About the role
As a Lead Product Security Engineer at SmartBear, you will:
- Join a security team while being embedded in product and engineering to have a deep understanding of individual product priorities, roadmaps, and architecture in order to drive security at the right steps during the product development processes.
- Work closely with Engineering teams and Architects to validating the security posture of new and existing features for SmartBear products prior to production deployment.
- Drive security by design in product and engineering processes through process improvement, secure architecture and, training
- Perform Security Reviews that include threat modeling, code reviews, and penetration testing.
- Triage and validate security vulnerabilities found or reported and serve as the Subject Matter Expert in Product Security to the engineering team in identifying mitigation solutions.
- Communicate issues to product owners, provide meaningful remediation recommendations, and validate that they have been resolved.
We are looking for you if you have:
- 5+ years of related experience in application or product security.
- Experience in development and security of SaaS software in public clouds (AWS, GCP, Azure, etc)
- Experience with application security testing, threat modeling, code review of Web, Mobile, and/or API products.
- Strong development knowledge in one or more programming languages.
- Familiar with security tools such as SAST, DAST, SCA, CSPM, etc
Why you should join the SmartBear crew:
- You can grow your career at every level.
- We invest in your success as well as the spaces where our teams come together to work, collaborate, and have fun.
- We love celebrating our SmartBears; we even encourage our crew to take their birthdays off.
- We are guided by a People and Culture organization - an important distinction for us. We think about our team holistically – the whole person.
- We celebrate our differences in experiences, viewpoints, and identities because we know it leads to better outcomes.
Did you know?
- Our main goal at SmartBear is to make our technology-driven world a better place.
- SmartBear is committed to ethical corporate practices and social responsibility, promoting good in all the communities we serve.
- SmartBear is headquartered in Somerville, MA with offices across the world including Galway Ireland, Bath, UK, Wroclaw, Poland and Bangalore, India.
- We’ve won major industry(product and company) awards including B2B Innovators Award, Content Marketing Association, IntellyX Digital Innovator and BuiltIn Best Places to Work.
SmartBear is an equal employment opportunity employer and encourages success based on our individual merits and abilities without regard to race, color, religion, gender, national origin, ancestry, mental or physical disability, marital status, military or veteran status, citizenship status, age, sexual orientation, gender identity or expression, genetic information, medical condition, sex, sex stereotyping, pregnancy (which includes pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), or any other legally protected status.