Senior Product Security Engineer

Posted:
12/3/2024, 6:24:51 PM

Experience Level(s):
Senior

Field(s):
DevOps & Infrastructure ⋅ IT & Security ⋅ Software Engineering

Workplace Type:
Remote

Job Description

Where you’ll work: Anywhere in Hungary
 

Security at GoTo

In today’s world, “work anywhere” means “secure everywhere.” We strive to deliver secure, remote workforce products and services that ensure business assets, customer, and employee data are protected. We build security & privacy by design and default, leveraging the SecDevOps methodology and nurturing a culture that enables security and privacy in everything we do. Security, meet simplicity

Your Day to Day

As a Senior Product Security Engineer, you would be working on:

  • Conducting security architecture reviews for new and existing products.

  • Collaborating with engineering teams to implement secure-by-design principles.

  • Performing comprehensive threat modeling and security reviews to identify and mitigate security risks early in the development process.

  • Developing and enforcing secure coding standards and practices.

  • Providing security-focused code reviews for critical components.

  • Monitoring emerging security vulnerabilities and ensure remediation.

  • Working closely with DevOps and engineering teams to integrate security practices.

  • Mentoring junior engineers, promoting a culture of security-first thinking.

  • Ensuring product compliance with relevant standards (e.g., GDPR, ISO 27001, SOC 2).

  • Staying current with security trends, technologies, and best practices.

  • Identifying and implementing new technologies to enhance the security posture of GoTo products.

What We’re Looking For

As a Senior Product Security Engineer, your background will look like:

  • 5+ years of professional, hand-on application and/or product security work experience; preferably in a SaaS product company of similar scale and scope

  • Comprehensive understanding of software development lifecycle models as well as secure coding techniques

  • Familiarity with CI/CD pipelines and cloud security principles (e.g., AWS, Azure, or GCP or Oracle)

  • Knowledge of techniques, standards, and state of the art capabilities for security automation, (e.g., SAST, DAST, SCA, IAST, EDR, NGFW, WAF)

  • A mix of relevant certifications in key areas would be helpful (but not required): CISSP, CCSP, CSSLP, CISM, CIPP, AWS Certified Security Specialist, Azure Security, AWS Certified Solutions Architect, SANS GIAC, etc.
     

What we offer:

  • Full remote work option within Hungary and on-demand seat in our Astoria office

  • Time-off benefits such as volunteering days, parental and pet leave

  • Private health insurance, life insurance, and eye care

  • Adoption, Tuition, and Reading Reimbursement, English Course

  • Employee Resource Groups and GoTo Gives CSR program – a fun and inclusive community

  • ... and many more
     

You’ll be working towards a shared goal with an open-minded and cohesive team greater than the sum of its parts. At GoTo, we’re passionate about growing a diverse and inclusive work ecosystem because unique takes make us a stronger company, and Stronger Together. We’re committed to creating an inclusive space for everyone, no matter what. That’s how we’ll Be Real, Think Big, Move Fast, and Keep Growing along the way.