Remote Product Security Engineer

Description:

• The Product Security Engineer is responsible for ensuring the security of an organization’s products throughout their lifecycle.
• This role focuses on protecting software, hardware, and firmware from vulnerabilities and cyber threats, aligning with business goals and compliance standards.
• The engineer will consult with security adjacent stakeholders and business units to provide suggestions, education, guidance, and feedback from a security perspective.
• Responsibilities include performing threat modeling, application design solutions, and vulnerability assessments to identify relevant risks and security gaps in product design and development.
• The engineer will implement security tooling and automation to scale the Product Security team’s practices and advocate for security best practices in the Software Development Lifecycle (SDLC).
• Conducting code reviews, penetration testing, and static/dynamic analysis is essential to ensure compliance with industry standards such as AICPA SOC2, HIPAA, PCI DSS, SOX ISO 27001, and NIST CSF.
• The role involves monitoring and addressing security incidents impacting Wave products and implementing SOAR solutions to improve incident response times and efficiency.
• The engineer will work with product and engineering teams to design and implement security controls and protections within the product via automation.
• Planning product roadmap with key stakeholders and collaborating with cross-functional teams to develop mitigation strategies is crucial.
• The engineer will mentor Product, Engineering, and IT teams for security best practices and provide security training and awareness for developers and stakeholders.
• Maintaining documentation of security controls and processes and preparing reports on security risks and mitigation efforts for management and regulatory bodies is required.

Requirements:

• A minimum of 3 years of experience in a Product Security role is required.
• A Bachelor’s degree in Computer Science, Cybersecurity, or a related field is necessary.
• Experience leading architectural changes or complex cross-team efforts to mitigate security vulnerabilities is essential.
• A strong understanding of threat modeling methodologies such as MITRE ATT&CK, STRIDE, and PASTA is required.
• Familiarity with Amazon AWS Services, MS Azure, and their capabilities is necessary.
• Experience in securing web applications and using orchestration tools like Ansible and Terraform is required.
• Knowledge of frameworks such as OWASP Top 10, SAST/DAST tools, and CI/CD pipelines is essential.
• Fluency in programming languages such as Python, React, and Django Rest Framework is required.
• Experience with manual source code review and embedding security into code in production environments is necessary.
• Experience with deploying application security tools in the CI/CD pipeline is required.
• A strong understanding of securing the software development lifecycle, including building programs that eliminate full classes of vulnerabilities, is essential.
• Excellent communication and interpersonal skills are required.
• The ability to work independently and within a team is necessary.
• Strong organizational and time-management abilities are essential.

Preferred Qualifications:

• Certifications such as CISSP, CSSLP, CEH, or equivalent are preferred.
• Experience in IoT, embedded systems, or mobile app security is a plus.
• Knowledge of regulatory and compliance standards such as AICPA SOC2, NIST CSF, GDPR, and HIPAA is preferred.

Benefits:

• Employees have the flexibility to work from the office in Toronto or from home, depending on their comfort.
• The company supports personal growth with diverse learning experiences, educational allowances, mentorship, and more.
• A significant investment in health and wellness is made, considering body, mind, and soul.
• Fair compensation and various office perks are provided, along with the expected benefits from a growing tech company.
• The company promotes a diverse and inclusive culture, valuing individuality and the broad spectrum of skills and abilities.
• Recognition as one of Canada's Top Ten Most Admired Corporate Cultures and one of Canada’s Great Places to Work in various categories highlights the company's commitment to a positive workplace environment.