View all jobs
Product Security Engineer
San Francisco, CAFusion HCR is hiring! Product Security Engineer, 6-month contract to hire, candidates must be based in Nevada or California.
The Product Security Engineer will play a critical role in ensuring the security of our software applications, protecting sensitive data, and identifying and mitigating security vulnerabilities. This role requires a deep understanding of software security principles and a commitment to proactively safeguarding our systems.
Required Experience:
Education:
The Product Security Engineer will play a critical role in ensuring the security of our software applications, protecting sensitive data, and identifying and mitigating security vulnerabilities. This role requires a deep understanding of software security principles and a commitment to proactively safeguarding our systems.
- Conduct comprehensive code reviews to identify and rectify security vulnerabilities and coding flaws.
- Collaborate with the development team to implement secure coding practices.
- Analyze software designs and architectures to identify potential security threats and weaknesses.
- Develop threat models to guide security measures and risk assessment.
- Plan and execute security testing, including penetration testing, vulnerability assessments, and security assessments.
- Work with cross-functional teams to resolve identified security issues.
- Promote security best practices throughout the software development lifecycle.
- Integrate baseline security configurations and controls into the development workflow.
- Educate development teams on secure coding practices and security awareness.
- Utilize and maintain relevant security tools and technologies, including but not limited to AppScan, Fortify, and Burp Suite, to identify vulnerabilities, assess risks, and implement appropriate security measures.
- Configure and manage firewall settings to protect the network infrastructure.
- Apply cloud security best practices for platforms like AWS, Azure, and GCP to secure cloud-based resources and services.
- Conduct training sessions and workshops on security-related topics.
- Develop and maintain an incident response plan for software security incidents.
- Lead investigations and collaborate with incident response teams to address security breaches.
- Ensure software applications comply with industry regulations and standards (e.g., HIPAA, OWASP, NIST, GDPR).
- Assist in the development and enforcement of security policies and procedures.
- Stay updated on emerging threats and trends in software security.
- Continuously research and recommend new security tools and methodologies.
Required Experience:
- Proven experience in software security engineering or secure software development.
- Excellent programming skills in JavaScript, PHP, Python, or others.
- Proficiency in MongoDB, Express.js, React, and Node.js strongly preferred.
- Relevant certifications, such as Certified Secure Software Lifecycle Professional (CSSLP) or Certified Cloud Security Professional (CCSP), and AWS Cloud or Security Specialty are a plus.
- Strong knowledge of common application security vulnerabilities and mitigation techniques.
- Proficiency in security tools and practices, such as static and dynamic code analysis, fuzz testing, and threat modeling.
- Strong problem-solving and communication skills.
- Ability to collaborate effectively with cross-functional teams and communicate complex security concepts to non-technical stakeholders.
Education:
- Bachelor’s degree preferred (Engineering, Computer Science, Information Systems, etc.) or equivalent experience