Product Security Engineer
Posted on 11/8/2022
Canada • Remote
- Experience in software development or product security engineering, with additional full-time product or information security experience
- Proven experience performing security design reviews for complex applications, including distributed systems, APIs, and services deployed to cloud, on-premise, and hybrid environments
- Expert knowledge and implementation experience across information security disciplines, including web application, network, and operating systems security
- Fluency with the OWASP Top 10 and other common vulnerabilities and exploit techniques, and ability to define appropriate countermeasures
- Deep understanding of common application and network protocols, cryptographic technologies, and authentication and authorization protocols
- Knowledge of compliance requirements for industry-standard certifications like PCI DSS, SOC2, HIPAA, FedRAMP
- Direct experience supporting cloud operational models, including SaaS security architecture, microservices, containers, and/or Kubernetes
- BA/BS in computer science, a related discipline, or equivalent work experience
- You will perform application security assessments including architecture review, threat modeling, secure code review, and general security consulting
- You will assist and enable product teams to follow secure development practices, while also empowering them to own security within their product area
- You have a proven development background and can communicate with engineering teams with authority, credibility, and empathy. Product Security is complex and context-specific and, as such, will require you to learn constantly and be committed to continuous innovation, because what worked yesterday may not work tomorrow
- Consult with development and operations teams to provide guidance and recommend secure design patterns
- Perform security assessments on new and existing products and services to identify security risks and establish baseline security requirements
- Establish and drive security standards across Cribl to improve security and resiliency of software and systems architecture
- Contributions to the security community: research papers, public CVEs, conference talks, open source, etc
- Familiarity with “big data” and distributed systems technology
Data analytics tools & storage services
Cribl's mission is to build a solution to make observability viable for any organization, giving our customers visibility and control while maximizing value from existing tools, and consumption pricing that is accessible for all.
- Competitive Salary
- Stock Options
- Medical, dental, and vision insurance
- Flexible spending account (FSA)
- 401(k) plan offered (US)
- Parental Leave
- Professional Development and Career Growth
- Generous Vacation and Holiday Policy, including 2 Floating Holidays for holidays you observe
- Employee Resource Groups that reflect our values driven company culture
Company Core Values
- Customers First, Always - First we help customers. Then everything else.
- Irreverent, but Serious - We are a serious company with a love for goats and jokes.
- Curious - We seek to understand problems and the people who have them before taking action.
- Transparent - Trust is earned when everyone is on the same page.
- Together - We are collaborative. We are kind. We are open.