The Principal Product Security Engineer will work directly with application development and infrastructure teams throughout all phases of the software and systems development cycle to develop and deploy secure applications and cloud infrastructure.
* Perform threat modeling of web applications
* Define security requirements and user stories
* Define and implement security architecture of web applications and cloud infrastructure
* Review and advise on remediation activities for SAST and DAST scan results using risk
* Develop automated testing as part of Continuous Integration and Deployment build pipelines
* Conduct web application security testing or coordinate with third-parties to perform security testing
* Review and advise on security testing results
* Perform code review as necessary
* Educate and enable software developers to develop secure coding practices
* Develop applicable secure development policies, standards and procedures
Education, Experience, Knowledge and Skills
* B.S. Degree in Computer Science or related technical discipline
* Knowledge of OWASP Top 10 vulnerabilities
* Expert knowledge in Python, Java, and Spring Boot
* Proficient with DevOps tooling such as Jenkins, Concourse, Terraform and Ansible
* CISSP, CCSP or GWAPT certifications are highly preferred
* Google Cloud Platform certifications are highly preferred
* Knowledge of Docker, Pivotal Cloud Foundry, Kubernetes or other container orchestration platforms are highly preferred
* At least 7 years of technical experience and expertise in application development, application security, vulnerability management, or incident response
CoreLogic offers an empowered work environment that encourages creativity, initiative and professional growth and provides a competitive salary and benefits package. CoreLogic is an Equal Opportunity/Affirmative Action employer committed to attracting and retaining the best-qualified people available, without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability or status as a veteran of the Armed Forces, or any other basis protected by federal, state or local law. CoreLogic maintains a Drug-Free Workplace. We are fully committed to employing a diverse workforce and creating an inclusive work environment that embraces everyone's unique contributions, experiences and values. Please apply on our website for consideration.
CoreLogic provides information intelligence to identify and manage growth opportunities, manage business performance and risk.