Senior Product Security Engineer

Company: Fortinet
Location: Sunnyvale
Posted on: May 26, 2023

Job Description:

The Product Security Incident Response Team is looking for a Product Security Architect to work in the PSIRT Team to continue to develop and maintain the Fortinet Secure Product Development LifeCycle.
This role that requires applicants to possess an understanding of secure development practices and tools, a strong understanding of software security, experience of software security standards and operation of a Software Development LifeCycle (SDLC)
In this role, you will:

• 
  
• Conduct risk assessments on new software products, evaluate architecture and system design for security weaknesses, conduct code reviews, and drive threat modeling exercises
  
• Provide subject matter expertise on security tools and controls such as SAST, DAST, Software Composition Analysis, Dependency scanning (supply chain management), Infrastructure-as-Code, and container scanning
  
• Partner with development teams, leaders, and product lines to provide consultative cybersecurity guidance, insight, and feedback as new technologies or products are developed
  
• Contribute to the development of strategic team and organizational objectives focused on software security, tooling, and new technologies
  
• Devise and document operationally strong processes and procedures that will be used to guide the development organization to more mature capabilities and defenses
  
• Contribute to the development and enforcement of application security policies, standards, and controls
  
• Present findings, concepts, ideas, and plans in support of key cyber objectives to various parts of the business, as needed
  
  Qualifications/Requirements:
  Bachelor's degree from accredited university or college with minimum of 6 years of professional experience OR Associates degree with minimum of 9 years of professional experience OR High School Diploma with minimum of 11 years of professional experience
  Minimum 5 years of professional experience in Cyber Security Architecture or IT
  Skills:
  
  • 
    
  • Good understanding of Fortinet products line-up, solid security background
    
  • Prior experience in Application Security or experience as a senior software architect
    
  • Solid grasp of any of the following: OWASP Top 10, SANS SWAT, or CIS Top 18
    
  • Prior hands-on experience utilizing SAST and DAST technologies
    
  • Strong grasp of web application architecture and design; secure web configurations and security headers; able to articulate common attack vectors and threats
    
  • Knowledge of CI/CD and automation tools, experience integrating security tools into DevOps pipelines
    
  • Experience conducting Web Application Penetration Tests or vulnerability assessments
    
  • Experience developing or operating a SDLC Policy with particularly experiencing:
    
    
  • Threat Modeling (STRIDE, or other models)
    
  • Security Champion Programs
    
  • Security Awareness Training
    
    
  • Experience with any of the following regulatory frameworks: NIST SP 800-53, NIST ST.SP.800-160, NIST SP 800-218 is a must.
    
    
    • 
      
    • Good English language writing and communication skills are a must.
      
    • Must be detail oriented and able to follow processes thoroughly.
      
      Education:
      
      • 
        
      • Bachelor degree in any Engineering or Scientific discipline or equivalent.
        
        The US base salary range for this full-time position is $150,000-$200,000. Fortinet offers employees a variety of benefits, including medical, dental, vision, life and disability insurance, 401(k), 11 paid holidays, vacation time, and sick time as well as a comprehensive leave program.
        Wage ranges are based on various factors including the labor market, job type, and job level. Exact salary offers will be determined by factors such as the candidate's subject knowledge, skill level, qualifications, experience, and geographic location.
        All roles are eligible to participate in the Fortinet equity program, Bonus eligibility is reviewed at time of hire and annually at the Company's discretion.

Keywords: Fortinet, Sunnyvale , Senior Product Security Engineer, Engineering , Sunnyvale, California