Due to current COVID-19 restrictions, this is a temporary work-from-home role, but the position will ultimately be based in the Cox Automotive offices in Atlanta, Georgia / Dallas, Texas / Carmel, Indiana / Burlington, Vermont / Sacramento, California / Irvine, California / Austin, Texas.
The Security Engineer II – Product Security (“Product Security Engineer”) is an experienced security engineer focused on helping Cox Automotive build secure products and software, with a strong emphasis on preventative measures.
The Product Security Engineer combines their software engineering background and security expertise to create security capabilities while protecting the Cox Automotive (Dealer.com) developer experience and making it easy to do the right thing.
The Product Security Engineer works on projects and operations related to application and software security testing capabilities for Cox Automotive, delivering rapid feedback for engineers and security quality reporting for product & security leaders.
The Product Security Engineer shares their knowledge as part of the product security center of excellence, providing guidance, references, education, and support to security ambassadors.
- Reporting to the Product Security Director, serves as a member of the Product Security Engineering team
- Maintains alignment with Engineering Enablement, Business Information Security Office, Cloud Business Office, and Engineering Operations leadership to ensure a unified approach to deploy security capabilities and services to engineering teams
- Works with Engineering Enablement to maintain the security of common build, test, integration, delivery, and deployment capabilities, and to align security services to common capabilities
- Works with the security metrics team to update product security scorecards and insights
- Provides input to a backlog of gaps and opportunities for security capabilities
- Builds security capabilities that standardize common security patterns, prevent bugs & exploits, automatically mitigate risks, and save development time
- Assists with threat modeling, making it easy for teams to write security requirements/stories/cases and associated tests
- May contribute to product protection capabilities such as WAF and RASP
- Provides support for software security testing capabilities and customer requests, and maintains high levels of service
- Promotes product security, helps educate engineering teams on secure development best practices, and maintains references, patterns, and security decisions that assist developers
- Acts as an engineering advocate: uses common Cox Auto tools and technologies, beta-tests new Risk & Security initiatives, and provides feedback
- Where permitted by applicable law, must be fully vaccinated against COVID-19 to be considered for this U.S. based job. (Reasonable accommodations for medical and religious objections will be considered.)
- BA/BS Degree, preferably formal studies in Computer Science, Software Engineering, Information Systems, or equivalent
- 3+ years of combined experience in Software Engineering, Risk, and Security
- Ability to read and write in Java or .NET and a scripting language
- Experience with one of the following:
  - static security analysis, linting, and code review
  - dynamic application security testing and manual application pentesting
  - threat modeling and secure design review
  - software component analysis and software supply-chain security
- Experience working with APIs and service-oriented capabilities
- Ability to work with product, engineering, and architecture team members and leaders
- Ability to work in a fast-paced and dynamic environment
- Excellent organizational, project management, and follow-up skills
- Excellent communication, presentation, and reporting skills