Product Security Engineer
Reporting into Rajendra Umadas, Manager, Product Security
About the Role
The Security Engineer will be responsible for securing WeWork applications and infrastructure. Responsibilities include, but are not limited to: penetration testing, code review, and threat modeling. You will work closely with the engineering teams to ensure security is part of the SDLC. Additionally, you will assist with research and development projects that further push the boundaries of the state of information security.
Role Responsibilities
Perform penetration tests and code reviews for WeWork applications (web/mobile)
Teach secure development practices to software engineers
Work with application teams to threat model their projects in all aspects of the SDLC
Make recommendations to help improve WeWork application security posture
Validate and triage vulnerabilities submitted by researchers from our bug bounty program
Keep security documentation and policies up to date
Work with the Security Director to handle third-party audits and compliance reviews
Assist with automation development of security processes
Lead all 3rd party security vulnerability scans and triaging of found risks
Help automate compliance of PCI and ISO 27001 requirements in our environments
Advancing personal knowledge of information security to stay bleeding edge
Strong troubleshooting skills
The ability to take a nebulous project, talk to the right people, define it, split it up into tasks, and ultimately get it done quickly and efficiently
The ability to do the above quickly in emergency situations
The ability to manage and balance multiple priorities across other teams (product, strategy, engineering, etc.)
Ability to lead a project or team when needed