Job description


  • Entry level
  • No Education
  • Salary to negotiate
  • Santa Clara



Title: Sr. Product Security Engineer

Summary: Information Security supports Gigamon by maintaining our position as a trustworthy provider of network and security tools and services to our customers. As a Product Security Engineer, you will ensure that our products are worthy of this trust and be the security interface with the Gigamon Product and Engineering organizations.

You will need to provide these teams with timely, useful, practical, and actionable expert guidance and advice. You will be successful in this role if you can provide mentorship and leadership to engineers and product team members with varying backgrounds and awareness of security principles. You must understand how software and hardware are built, be deeply familiar with the challenges in delivering secure products and services, and have empathy for the people who make them and their varying success factors.

We are looking for a Sr. Product Security Engineer who is collaborative and interested in working across a wide technology stack: from hardware and firmware, through web and the network stack, and into cloud and infrastructure. You don’t need to be an expert in all of them, but we do expect expertise in at least one area and a passion to learn the others. You may come from any of a number of backgrounds: software engineering with a security focus, bounty research, security consulting, and so on.

Doing Product Security right starts much earlier than finding vulnerabilities: we want to stop them from occurring to begin with. We are dedicated to root cause analysis, training and awareness, driving security in product roadmaps, and improving frameworks, process, and tooling.

Reporting to the: Chief Information Security Officer

Values of a successful candidate

- Collaboration over rule-making
- Improvement over perfection
- Pragmatism over idealism
- Authentic and empathic communication
- Continuous improvement and learning mindset

The role includes

- Identifying vulnerabilities and threats and addressing systemic risk
- Helping improve Gigamon’s Secure Development Lifecycle
- Performing security code and architecture reviews
- Running threat modeling and adversarial viewpoint exercises
- Performing internal pen-tests and managing third-party pen-tests
- Leading Engineering for Security and Privacy by Design initiatives
- Building tools and automations to identify, classify, and manage security issues
- Being a technical leader and mentor to the Engineering, Product, and Security teams
- Collaborating with Engineering, IT, Global Support, Sales, Marketing, and others
- Leading blameless post-mortem and risk reduction exercises
- Leading product security outreach, training, and awareness development

The successful engineer

Must Have:

- Have a broad understanding of general software development practices, the associated risks, and the components of a modern product security program
- Work proactively or with limited guidance on tasks or work
- Collaborate well with teammates across functions including the ability to enable those teammates via formal and informal training and mentoring
- Code comprehension in two or more languages (e.g. C is a must, Python, Java, etc.)
- Understanding of common security flaws and how to prevent them (e.g. OWASP, CSC, etc.)
- Understanding of vulnerability classification and scoring (e.g. CVSS, CWE, etc.)
- Have opinions on and demonstrated experience with hardening of servers and appliances based on Linux

Should Have:

- Development experience for automated analysis testing
- Knowledge of crypto, especially TLS, x509, and SSH
- Hands on experience with DevOps (CI/CD) process and technologies
- Knowledge of techniques for targeting a hardware attack surface, and methods for mitigating those attacks
- Experience with running or participating in bug bounty and responsible disclosure programs (esp. aligned with ISO29147)
- Understanding of common product security standards (e.g. Common Criteria, FIPS 140, FedRAMP, SOC2, etc.)
- Experience with threat modeling (e.g. STRIDE, DREAD, etc.)
- Securing cloud infrastructure (e.g. AWS, Azure, GCP)
- ARB experience
- Scripting and automation of security tooling for agility and effectiveness
