Veryfi, Inc.

Principal Product Security Architect

Veryfi, Inc., San Mateo, California, United States, 94409



Veryfi, Inc. United States
Date Posted: 31 Oct, 2022
Work Location: San Mateo, CA, United States
Salary Offered: Not Specified
Job Type: Full Time
Experience Required: 3+ years
Remote Work: Yes
Vacancies: 1 available
Location: California Resident, SF Bay Area - Hybrid Role

About the role

We are seeking a full-time Principal Product Security Architect to join our talented team at Veryfi! As the Principal Product Security Architect, you'll play a pivotal role in setting the strategic technical direction of the company while keeping both Veryfi and our customers secure. You are someone who can architect solutions, is a great communicator, and has high-level experience in security. Bonus: previous experience with FedRAMP.

What You'll Be Doing...

You will ensure security by design, product engineering and architecture for Veryfi products. In this role, you will conduct security assessments for products and solutions developed by Veryfi. You will collaborate with various cross-functional teams and help to create, define, and implement security controls and tooling in conjunction with internal product development and partner teams.

Responsibilities Include

- Help implement Secure Software Development Lifecycle (SSDLC) practices and use automation where possible.
- Work closely with the product development engineers to perform security design and code review by suggesting flow improvements, anti-tamper protection when needed for security modules, and help with integration of vulnerability assessment tools.
- Provide security guidance to Engineering and Product teams on overall product architecture and its ecosystem.
- Build Threat Models, conduct Risk Assessments for new features or services and provide guidance on effective countermeasures.
- Contribute to security architecture and assist in building and rolling out processes for secure code development and deployment.
- Provide subject matter expertise on Encryption, Security Controls, and Secure Design and programming practices across the Technology organization.
- Contribute to Security Policy, Standards, and Guidelines related to Information Security.
- Evaluate and operationalize new technologies for securing the organization.
- Train and mentor Security Champions throughout the development.
- Share thought leadership in the product and application security space.
- Create security User Stories and security Test Cases for products that are tailored to the product attributes and technology.
- Support and advise product owner and product development teams by ensuring technical and architectural feasibility, readiness and compliance.

You'll Need To Have

- Six or more years of relevant work experience.
- Experience with performing security requirements analyses to secure the deployment of large globally distributed cloud-based and/or mobile-embedded platforms.
- Experience with OWASP Top 10 vulnerabilities and Cryptographic Algorithms: (PKI), X.509 Public Key Certificates, authentication protocols, and transport layer security, OID, OAuth, SAML.

Even Better If You Have

- Hands-on experience with implementing Security Services and tools in AWS such as GuardDuty, Macie, CloudTrail, CloudWatch, KMS, WAF, AWS Config, AWS Inspector.
- Programming skills in C++/C, Swift, Java, Go, Python or other languages and the ability to solve complex operational issues.
- Deep understanding of VPC, firewalls, reverse proxies, Load Balancers, Security Groups, Route Tables, IDS/IPS.
- Hands-on experience with vulnerability scanning concepts and tools: SAST, DAST/IAST, server and container vulnerability scanning and remediation.
- Container Security experience with Docker, ECS, Kubernetes.
- Experience with configuration languages/IaaC: Ansible, CloudFormation, Terraform.
- Experience with SDLC for mobile platforms including use of obfuscation techniques, Reverse Engineering and Tamper Resistant software development on Mobile Platform.
- Understanding of various types of Exploits, Threat Modeling, and Attack surfaces.
- Experience with IT Security Frameworks such as NIST, ISO27001, PCI, DSS, FedRAMP.
- Master's degree in Computer Science or equivalent engineering experience.
- One or more of the following certifications: AWS Certified Solutions Architect (professional), AWS Certified Security (Specialty), CSA Certificate of Cloud Security Knowledge (CCSK), ISC2 Certified Cloud Security Professional (CCSP), CISSP.

Notice(s):

Salary Range Disclaimer: The base salary range represents the low and high end of the Veryfi salary range for this position. Actual salaries will vary depending on factors including but not limited to location, experience, and performance.

Equal Opportunities and Accommodations Statement: Veryfi is deeply committed to building a workplace and global community where inclusion is not only valued, but prioritized. We're proud to be an equal opportunity employer, seeking to create a welcoming and diverse environment.
All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, family status, marital status, sexual orientation, national origin, genetics, neuro-diversity, disability, age, or veteran status, or any other non-merit based or legally protected grounds.
