Principal Product Security Architect at Veryfi, Inc.

Posted on: 05/20/2022

Location: (REMOTE)

full time

Tags: vpc swift embedded ecs aws docker cloudformation ansible python terraform kubernetes

Location: California Resident, SF Bay Area - Hybrid Role

About the role

We are seeking a full-time Principal Product Security Architect to join our talented team at Veryfi! As the Senior Product Security Architect, you’ll play a pivotal role in setting the strategic technical direction of the company while keeping both Veryfi and our customers secure. You are someone who can architect solutions, is a great communicator, and has high level experience in Security. Bonus: previous experience with FedRAMP.

What You’ll Be Doing...

You will ensure security by design, product engineering and architecture for Veryfi products. In this role as a Senior Product Security Architect, you will conduct security assessments for products and solutions developed by Veryfi. You will collaborate with various cross functional teams and help to create, define, and implement security controls and tooling in conjunction with internal product development and partner teams.

Responsibilities Include

Help implement Secure Software Development Lifecycle (SSDLC) practices and use automation where possible.
Work closely with the product development engineers to perform security design and code review by suggesting flow improvements, anti-tamper protection when needed for security modules, and help with integration of vulnerability assessment tools.
Provide security guidance to Engineering and Product teams on overall product architecture and its ecosystem.
Build Threat Models, conduct Risk Assessments for new features or services and provide guidance on effective countermeasures.
Contribute to security architecture and assist in building and rolling out processes for secure code development and deployment involving truly cutting edge technology.
Provide subject matter expertise on Encryption, Security Controls, and Secure Design and programming practices across the Technology organization.
Contribute to Security Policy, Standards, and Guidelines related to Information Security.
Evaluate and operationalize new technologies for securing the organization.
Train and mentor Security Champions throughout the development.
Share thought leadership in the product and application security space.
Create security User Stories and security Test Cases for products that are tailored to the product attributes and technology.
Support and advise product owner and product development teams by ensuring technical and architectural feasibility, readiness and compliance.

You'll Need To Have

Six or more years of relevant work experience.
Experience with performing security requirements analyses to secure the deployment of large globally distributed cloud-based and/or mobile-embedded platforms.
Experience with OWASP Top 10 vulnerabilities and Cryptographic Algorithms: (PKI), X.509 Public Key Certificates, authentication protocols, and transport layer security, OID, OAuth, SAML.

Even Better If You Have

Hands-on experience with implementing Security Services and tools in AWS such as GuardDuty, Macie, CloudTrail, CloudWatch, KMS, WAF, AWS Config, AWS Inspector.
Programming skills in C++/C, Swift, Java, Go, Python or other languages and the ability to solve complex operational issues.
Deep understanding of VPC, firewalls, reverse proxies, Load Balancers, Security Groups, Route Tables, IDS/IPS.
Hands-on experience with vulnerability scanning concepts and tools: SAST, DAST/IAST, server and container vulnerability scanning and remediation.
Container Security experience with Docker, ECS, Kubernetes.
Experience with configuration languages/IaaC: Ansible, CloudFormation, Terraform.
Experience with SDLC for mobile platforms including use of obfuscation techniques, Reverse Engineering and Tamper Resistant software development on Mobile Platform.
Understanding of various types of Exploits, Threat Modeling, and Attack surfaces.
Experience with IT Security Frameworks such as NIST, ISO27001, PCI DSS, FedRAMP.
Master’s degree in Computer Science or equivalent engineering experience.
One or more of the following certifications: AWS Certified Solutions Architect (professional), AWS Certified Security (Specialty), CSA Certificate of Cloud Security Knowledge (CCSK), ISC2 Certified Cloud Security Professional (CCSP), CISSP.

Notice(s)

Salary Range Disclaimer

The base salary range represents the low and high end of the Veryfi salary range for this position. Actual salaries will vary depending on factors including but not limited to location, experience, and performance. The range listed is just one component of Veryfi's total compensation package for employees. Other rewards may include an open Paid Time Off policy, and many region-specific benefits.

Equal Opportunities and Accommodations Statement

Veryfi is deeply committed to building a workplace and global community where inclusion is not only valued, but prioritized. We’re proud to be an equal opportunity employer, seeking to create a welcoming and diverse environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, family status, marital status, sexual orientation, national origin, genetics, neuro-diversity, disability, age, or veteran status, or any other non-merit based or legally protected grounds. We value diverse experiences, including those who have had prior contact with the criminal legal system. We are committed to providing individuals with criminal records, including formerly incarcerated individuals, a fair chance at employment.

Where legally permitted, Veryfi requires all individuals attending or working out of Veryfi offices or visiting Veryfi clients to be fully vaccinated against COVID-19. For positions that can only be performed at a Veryfi office, candidates must be fully vaccinated against COVID-19 and present acceptable proof of vaccination by the date of hire as a condition of employment. For positions that require some in-office work or in-person client meetings, exceptions to these in-office or in-person job requirements may be made at the discretion of the business through June 2022, at which point full vaccination will be required. Veryfi will consider requests for reasonable accommodation as required under applicable law. To qualify as being fully vaccinated against COVID-19 there should have been a two week period after receiving the second dose (or any government recommended booster shot) in a 2-dose COVID-19 vaccine series, or a two week period after receiving a single-dose (or any government recommended booster shot) in a single dose COVID-19 vaccine