Principal Engineer

• Lead complex cross-domain Application Security initiatives
• Influence senior leadership and stakeholder decision-making regarding technical solution design or control implementation
• Collaborate with Cybersecurity and Technology groups to improve automation and solve security concerns by accelerating reviews (make the secure path the easy path) and release into production
• Review and identify opportunities and gaps in current SDLC and Application Security processes and controls
• Provide technical subject matter expertise and thought leadership on secure software development, secure code review, static analysis, software composition analysis / supply chain security, threat modeling / security-by-design, AI security, cloud security and penetration testing
• Define and optimize security requirements and secure design review processes
• Prototype technical solutions and drive productization of innovative security solutions
• Stay abreast of industry standards and innovation in the Application Security space
• Drive a culture of innovation across Application Security
• Provide mentoring and development to junior engineers

• 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 10+ years of experience in identifying security issues and risks, and developing mitigation plans
• 7+ years – Development experience in more than one language (preferred Java or C# & .NET CORE development experience including the development of RESTful APIs)
• 5+ years of automated / manual code review – secure code review, security peer review, static analysis (Checkmarx, Fortify, Semgrep, manual code review)
• 5+ years of experience with secure DevOps and deployment automation
• 5+ years – CI/CD integration experience
• Deep hands-on technical expertise in at least two of the following areas: network security, embedded/hardware security, cryptography, web and network protocols, data structures and algorithms, software development, threat modeling, pen tests, or vulnerability assessments
• Experience with supply chain security (SLSA, SCVS) Software Composition Analysis, and container security
• Experience with Dynamic Analysis Security Testing (DAST), IAST or RASP
• Experience with Artificial Intelligence security with a focus on Machine Learning and GenAI
• Experience with SDLC and Agile methodologies
• Experience with GCP and Azure security
• Desired certifications: CISSP, CSSLP, CASP+, CASE, GSEC
• Expert knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices

Desired certifications: CISSP, CSSLP, CASP+, CASE, GSEC

• Health benefits
• 401(k) Plan
• Paid time off
• Disability benefits
• Life insurance, critical illness insurance, and accident insurance
• Parental leave
• Critical caregiving leave
• Discounts and savings
• Commuter benefits
• Tuition reimbursement
• Scholarships for dependent children
• Adoption reimbursement