Product Solution & Security Engineer

Your Opportunity to Make an Impact

As the Product Solution & Security Engineer will be responsible for providing technical expertise to enhance the security of our products throughout their lifecycle. This role involves working closely with our developer teams and Product Solution Security Officer. It plays an important role to ensure that every step of the software development and operation lifecycle (SDLC) complies with industry, Dotmatics, Siemens Digital Industries Software Product Solution Security standards, and implements best practices for product security. We are committed to delivering high-quality products and services to our customers while ensuring the highest standards of security and privacy.

In this role you’ll get to: 

• Be responsible for guiding project teams in executing the Product Solution Security (PSS) related activities.
• Provide technical expertise about Product Solution Security (PSS). 
• Work with developers to provide repetitive validation of application security measures.
• Experience building controls in a 100% cloud-based infrastructure
• Build relationship and Security knowledge effectively across multiple internal departments and Customer teams. Demonstrating strong technical acumen and leadership to align security practices across diverse business units, while considering differing seniority and technical and non technical audiences 
• Continually enhance and strengthen product’s application security posture.
• Provide subject-matter expert (SME) level input on secure coding, architecture, and automation.
• Lead and support application security efforts, such as security/code reviews and threat modelling.

We’re looking for people who have 7+ years of experience with the design and development of cloud security architectures in an enterprise-scale environment,  with at least 3+ years’ experience in setting up Coverity or SonarQube or other SAST tools and auditing security findings. You will demonstrate excellent communication and presentation skills and the ability to lead and coach both junior security engineers and non security developers to improve their skills and effectiveness.

The key skills we are looking for:

• Expert knowledge  in at least two of the following areas: Secure Architecture and Design, Secure Implementation, Secure Project Integration, Secure Services, and Security Testing.
• Advanced skills in developing automation with at least one scripting languages such as Go, TypeScript, JavaScript or Python
• Advanced knowledge of  AWS, GCP, or VMware implementations.  Azure experience may be considered 
• Expert understanding of designing and applying vulnerability assessments, application penetration testing, and a solid understanding of network and web protocols.
• Advanced experience in Identifying information security risks through source code review and secure interaction between code, libraries, languages, APIs, database, and core platform infrastructures (e.g. Tomcat, Java). 
• Project Management: Leading multiple work streams/projects across a wide range of products
• Modern techniques of secure networking and communications in public cloud environments.
• Full Stack Software development experience: C/C++, Java, Node JS, Typescript, React.  is a plus.
• Hands-on experience in automation techniques in DevSecOps, e.g. how to integrate and automate SAST/DAST/SCA tools in the SDLC process and serve as a tool-smith for the dev teams.
• Cloud environments and containerization technologies (such as Kubernetes) and modern microservice design principles.

You may also have:

• BA or BS degree Computer Science,  Systems Analysis, or a related field
• Working knowledge of cloud computing technologies business drivers and emerging computing trends
• Working knowledge of business process reengineering principles and processes