Staff Engineer 1 - Product Security
Waltham, Massachusetts, VMware
Company Overview: At VMware, we believe that software has the power to unlock new opportunities for people and our planet. We look beyond the barriers of compromise to engineer new ways to make technologies work together seamlessly. Our cloud, mobility, and security software form a flexible, consistent digital foundation for securely delivering the apps, services and experiences that are transforming business innovation around the globe. At the core of what we do are our people who deeply value execution, passion, integrity, customers, and community. Shape what’s possible today at http://careers.vmware.com.
Job ID R1913531
Date posted Oct. 09, 2019
Our Product Security team will coordinate our security efforts across our product, engineering and operations departments. This is an opportunity to join a security team that is supported by a strong internal security community. You will help to build an even more secure security product by which we build trust with our customers and deliver superior protection of their endpoints.
As a Senior Principal Software Engineer, you will work with the engineering and operations teams to:
Serve as the Application Security Engineer for Carbon Black products (cloud and on-premises).
Engage with various engineering teams across Carbon Black to perform security reviews of the architecture, design, and code throughout the SDLC process.
Collaborate with engineering teams to perform threat modeling for the proposed architecture.
Perform technical security assessments of existing and new products and work closely with the engineering teams to ensure that findings are addressed.
Work with product architects to provide remediation recommendations and potential fixes for security issues found by pen tests and static (SAST) and dynamic (DAST) code analysis.
Provide technical inputs for security evaluations like SOC 2, GDPR, FIPS, Common Criteria and FedRAMP.
Provide remediation recommendations for vulnerabilities in third-party components used within Carbon Black products.
Clearly communicate the security plan, including the risks and controls in place, to key stakeholders.
Apprise senior management of the product security status.
Research security vulnerabilities in current architecture and communicate mitigation strategies to impacted teams.
What You’ll Bring:
BS in Computer Science or equivalent work experience
7+ years as a security architect, providing security support for SaaS/SaaS-like cloud systems
Experience with platforms used to provide security services in SaaS environments for configuration management, authentication, automation and validation
Understanding of code level scanning tools
Strong communication skills preferred
Experience with Docker and container security
Programming experience as a developer in designing and building cloud, web and SaaS products
Knowledge of various security evaluation and compliance frameworks like FIPS, Common Criteria, NIST, SOC 2, GDPR, etc.
Experience with crypto, code signing, IAM and threat modeling
Nice to Haves:
Understanding of kernel level applications
Experience building and automating security testing
Coding expertise in Java