Every day we tackle new and exciting challenges to empower developers to build responsive and flexible cloud, mobile, and edge computing applications that scale effortlessly. Couchbase delivers unmatched versatility, performance, scalability and financial value across cloud, on-premises, hybrid, distributed cloud and edge computing deployments. The database market is one of the largest undisturbed markets for enterprise software. The main catalyst for this is the need for digital transformation. Join Couchbase to be a part of a greater change. Here you’ll have the opportunity to learn and grow with some of the most innovative, passionate and humble individuals in the database industry.
Location: This role is open to remote, hybrid, or in-office (Santa Clara, CA) work.
The Sr. Product Security Engineer is a highly visible role and will be responsible for establishing secure SDLC practices including threat modeling and security testing to ensure the delivery of secure product releases. You will evaluate application environments to ensure they are being designed and deployed in compliance with industry standards and best practices. You will collaborate closely with Product Management, Engineering, SRE, Project Managers and others, in determining and ensuring that security requirements for product releases are met as part of all phases of the secure software development lifecycle (SDLC) process.
You are a software developer at heart with a strong passion for security who will be regarded as the SME for all things Product Security. You will work with multiple engineering teams to standardize, implement and enhance product security. You will take an active role in training and spreading awareness to help build a security-first culture. You will be responsible for supporting application security tool deployments and recommending improvements to the tools and processes established within our application security framework to increase efficiency and mature the program.
This is a hands-on Individual Contributor role where you will get to manage the Product Security program.
Key Responsibilities:
- Perform security software architecture reviews and integrate threat modeling and abuse cases into the SDLC; advise on and implement secure software architecture patterns.
- Drive the development and implementation of standard security review processes across the company that result in effective methods for reducing security risks before product releases.
- Integrate application security tools within existing development, build and deployment processes.
- Conduct dynamic and static code scan reviews and run-time tests.
- Assist with the planning and execution of application penetration tests.
- Interface and collaborate with Engineering, Cloud and SOC teams during security incidents.
- Define and enforce IAM guidelines.
- Champion the remediation of security vulnerabilities in the products within defined SLAs.
- Assist in completing RFP security questionnaires.
- Define and establish a bug bounty program.
Qualifications:
- BS in Computer Science, Information Security, or a related field.
- 6-8+ years’ experience focused in the areas of software engineering, application security, cloud security and related disciplines.
- Solid understanding of current secure coding principles (e.g., OWASP Top 10, OWASP SAMM) and Agile software development practices.
- Familiarity with a variety of software development and automation tools (e.g., GitHub, Jira, Jenkins, Qualys, SonarQube, Veracode, Black Duck, etc.).
- A good understanding of threat modeling and how to mitigate application security risks.
- Knowledge of vulnerability management including CVSS scoring and CVEs across open source and third-party software and supply chains.
- Strong understanding of various types of cloud service models (IaaS, PaaS, SaaS).
- In addition, a good understanding of security features in AWS, Azure and GCP infrastructure.
- Good understanding of SSO, including OAuth and SAML; database and mobile security experience a plus.
- Industry Certifications such as CISSP, CISM, AWS Certified Security, Azure Security, Google Cloud Security Engineer are considered a plus.
- Highly effective written and oral communication skills.
- Strong project management skills and ability to work independently on engagements.
Why Couchbase?
Couchbase is named one of DBTA’s top 100 companies that matter in data. At Couchbase, we believe data is at the heart of the enterprise. We empower developers and architects to build, deploy, and run their most mission-critical applications. Couchbase delivers end-to-end technical solutions for all our customers with high-performance, flexible and scalable modern databases that run across data centers and any cloud. Many of the world’s largest enterprises rely on Couchbase to power the core applications their businesses depend on. See our recent awards to learn what makes Couchbase such a great company to work at.
This year Couchbase was recognized as one of the UK's Best Places to Work. Couchbase offers a total rewards approach to benefits for the value you create here. Couchbase recognizes the need for financial wellbeing. We offer:
- Flexible time off
- Medical, dental, vision, and life insurance coverage
- Paid parental leave
- Flexible Spending Account for the things you care about most
- An ergonomic and comfortable in-office setup, with food and supporting technology, or assist in the setup of an efficient home office environment.
Disclaimer:
Couchbase is committed to being an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Join an impact initiative group and experience the amazing feeling of Couchbase can-do culture.