Application and Product Security Principal

About the role

For over 25 years, Global Relay has set the standard in enterprise information archiving with industry-leading cloud archiving, surveillance, eDiscovery, and analytics solutions. We securely capture and preserve the communications data of the world's most highly regulated firms, giving them greater visibility and control over their information and ensuring compliance with stringent regulations. Though we offer competitive compensation and benefits and all the other perks one would expect from an established company, we are not your typical technology company. Global Relay is a career-building company. A place for big ideas. New challenges. Groundbreaking innovation. It's a place where you can genuinely make an impact - and be recognized for it. We believe great businesses thrive on diversity, inclusion, and the contributions of all employees. To that end, we recruit candidates from different backgrounds and foster a work environment that encourages employees to collaborate and learn from each other, completely free of barriers. Your role: The Application & Product Security Principal is responsible for leading the DevSecOps areas of application security, application vulnerability scanning and other daily security and compliance efforts. This role is positioned between software engineering, security and operations, driving the integration of robust security practices into every stage of the software development lifecycle. As a senior member of the Application & Product team you will input into strategy, standards and partner closely with engineering, platform and product teams to ensure security is built-in and aligned with business objectives. You will champion a proactive, risk-based approach to security, embedding automated controls, secure design principles and continuous assurance into the development pipelines. You will lead security sessions for development engineering teams with focus on risks, security report analysis, mitigations of identified vulnerabilities and process improvements. You will also be responsible for developing and deploying an automated security framework for robust deployment of tools and processes, leveraging scripting languages and open-source solutions.

Responsibilities

• Extensive experience in Application Security, Product Security or DevSecOps roles
• Deep understanding of secure software development practices, including threat modeling, secure coding and vulnerability management
• Serve as the liaison for deployment of DevSecOps standards and input into new standards or policies
• Embed security and DevSecOps practices throughout the organization, within SDLC and support an automated continuous integration (CI) and continuous delivery (CD) system
• Work with APIs and plugins to integrate security tools into established CI/CD pipelines using agile delivery methodology
• Partner with developers and engineering teams to prevent vulnerabilities and 'shift-left' security testing in the SDLC
• Focus on automation to aid in efficiencies with both testing and development
• Provide hands-on technical expertise and support in general DevSecOps tasks
• Review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and applications, and effectively address false positives
• Investigate security issues in order to determine specific steps for reproduction and scope of vulnerabilities and risks
• Provide encouragement to team members, including identifying areas for additional training or skills development
• Mentor less experienced members of the team to help build a strong culture, improve security efficacy, and oversee team member work for quality and guideline compliance
• Create security documentation and developer training material
• Improve test case documentation and grouping
• Act as the senior subject matter expert for Global Relay software security testing related to the CI/CD pipeline
• Lead the selection, deployment, and management of appropriate scanning tools for security testing in the CI/CD pipeline
• Develop competency in the OWASP Top 10 and derive new test methodologies based on Global Relay applications
• Work with Application and Product Security Team Lead to identify areas where security test coverage is lacking, and work to improve the security test coverage
• Provide suggestions on improvements and see these through to completion
• About you:
• 8+ years of application security and operations experience and expert knowledge of software security
• Experience with at least one of each of the following:
• o OWASP, Mitre, NIST SP800-115
• o SAST, DAST, SCA
• o Python, Java, Bash, PowerShell
• o Puppet, Ansible, Git repositories, Jenkins, Docker/Podman, CI/CD technologies
• o Container - OpenShift / Kubernetes
• o API security
• Working with Security, Developers, DevOps, and Engineering teams in a dynamic environment
• Secure development, coding, and engineering practices
• Experience with the following would be an asset:
• o AI tools

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Global Relay? Share your experience