Senior Engineer - Product Security
Remote - New York
Senior Engineer – Product Security
College Board - Technology
Remote
About the Team
The College Board Product Security team is close knit and enthusiastic group of technologists with a thirst for knowledge in all things Security and Cloud. We collaborate closely daily to investigate and solve problems and have strong alignment with our Product Teams in order to be a step ahead in securing the organizations suite of Products. We are an agile organization, embracing DevSecOps and cloud-native systems, and are focused on improving speed and security of service delivery in support of our important mission. Our team is committed to diversity and inclusion, and we work to ensure everyone on the team has a voice. We hire great people from a wide variety of backgrounds and experience.
About the Opportunity
Our College Board Product Security Engineers work closely with Information Security, Governance and Compliance and Product teams to achieve product and security business objectives. They support the implementation of secure development practices, threat modelling, architecture, design, vulnerability assessments and security verification, as well as defining the security standards and managing operations for a variety of products and security tools.
In this role, you will frequently interact with a variety of stake holders in Technology and on the Business side to provide hands on risk remediation or recommendation solutions, including secure patterns and mitigation strategies. You will understand our product landscape and propose, and drive to implementation, new innovative security solutions, updates to existing solutions, negotiate alternative options and build technical and release roadmaps.
As a Senior Engineer, you will lead and mentor junior team members supporting their growth and development in Product Security concepts, tools and best practices.
In this role, you will:
- Partner Program - Partnership Development (50%)
- Act as a liaison between Product Security teams (both in IT and outside of IT) and the Information Security Office via regular engagements with assigned Partner teams. Embed into planning and grooming sessions.
- Develop deep understanding of our Security Policies and Audit requirements in order to support assigned Partner teams, GRC Exceptions and Audit efforts (PCI, SOC2, ISO27001, GDPR, State Contract requirements)
- Create Threat Models and Risk Registers for your assigned products and communicate application risks and vulnerabilities to technical stakeholders.
- Lead application vulnerability reviews and remediation efforts. Develop deep skill sets in understanding, managing and determining exploitability of vulnerabilities to properly determine risk and priority.
- Work to gain a …
This job isn't fresh anymore!
Search Fresh JobsJob Profile
Competitive benefits and compensation Diversity and Inclusion Paid parental leave Paid Time Off Professional growth Remote work Retirement benefits Tuition Assistance Vision Insurance
Tasks- Collaborate with teams
- Mentor junior members
Agile AWS AWS services CI/CD Cloud Compliance Continuous Improvement DevSecOps Education Incident Response Information security Leadership Management Operations React Secure development practices Security Security policies Security standards SQL Technology Training Vulnerability assessment
Experience5 years
Certifications TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9