Product Security Staff Engineer
San Francisco, CA

Job Description

The Product Security Engineer reports to the Sr Director, Product Security. This position will work closely with their peers across Architecture, Development Engineering, and Technology Operations to ensure our Customer and Employee facing Products are appropriately resilient to attack.

Successful candidates will be actively exercise their Learning Agility, Change Leadership, Collaboration & Influencing, and Strategic Planning skills.

* Define Product/Platform Patterns and Standards deployed or leveraged within our on premise Gap or cloud environments
* Provide co-developed services, code libraries, or infrastructure configurations as appropriate to secure all Customer and Employee facing Products
* Manage application penetration testing, code scanning, and remediation capabilities in collaboration with all Product Lines
* Advances application scanning and testing integration with CI/CD pipelines to minimize security defects and improve overall Product quality
* Partners with Product Management and Technical Project Leadership using a consultative approach to adapt security approaches to changing business strategies and priorities with strong communication and active collaboration, across cross-functional teams and business partners
* Partners with Security Strategy & Governance to build and maintain a security controls framework that is current and applied across all technology environments
* As part of the team, continuously advances the Security Champions Program to develop and embed security skillsets within the development, engineering, and operations teams across the Product Lines
* Owns key initiatives of subject area, coordinating strategies with peers to maximize success
* Minimum 10 years of experience in information security architecture and design
* 3 years minimum experience within dev/ops and cloud environments
* Demonstrated ability to build and successfully execute delivery plans leveraging cross-functional resources with varying levels of ability
* Working knowledge of relevant information security laws, regulatory standards, generally accepted information security principles, and accepted industry best practices
* Experience working in a risk based environment including mitigation, planning and implementation
* Operational flexibility in modifying business and operating practices to adapt to a changing environment
* Excellent communication, collaboration and influencing with internal and external executives, and both technical and non-technical audiences
* Certifications a plus CISSP, CISA, CISM, CRISC, CGEIT, ISO27001
* Bachelor's degree in Computer Science, Information Technology or a related discipline