Dealer.com
Due to current COVID-19 restrictions, this is a temporary work-from-home role, but the engineer will ultimately work in the Cox Automotive offices in Atlanta, Georgia / Dallas, Texas / Carmel, Indiana / Burlington, Vermont / Sacramento, California / Irvine, California / Austin, Texas / North Hills, New York.
The Senior Security Engineer – Product Security (“Product Security Engineer”) is a senior security engineer focused on helping Cox Automotive build secure products and software, with a strong emphasis on preventative measures.
The Product Security Engineer combines their software engineering background and security expertise to create security capabilities while protecting the Cox Automotive developer experience and making it easy to do the right thing.
The Product Security Engineer runs projects and operations related to application and software security testing capabilities for Cox Automotive, delivering rapid feedback for engineers and security quality reporting for product & security leaders.
The Product Security Engineer shares their in-depth knowledge as part of the product security center of excellence, providing guidance, references, education, and support to security ambassadors.
Primary Responsibilities:
- Reporting to the Product Security Director, serves as a member of the Product Security Engineering team, providing in-depth expertise
- Maintains alignment with Engineering Enablement, Business Information Security Office, Cloud Business Office, and Engineering Operations leadership to ensure a unified approach to deploy security capabilities and services to engineering teams
- Works with Engineering Enablement to maintain the security of common build, test, integration, delivery, and deployment capabilities, and to align security services to common capabilities
- Works with the security metrics team to update product security scorecards and insights
- Provides input to a backlog of gaps and opportunities for security capabilities
- Builds security capabilities that standardize common security patterns, prevent bugs & exploits, automatically mitigate risks, and save development time
- Provides in-depth guidance in threat modeling, making it easy for teams to write security requirements/stories/cases and associated tests
- May contribute to product protection capabilities such as WAF and RASP
- Provides in-depth support for software security testing capabilities and customer requests, and maintains high levels of service
- Promotes product security, educates engineering teams on secure development best practices, and maintains references, patterns, and security decisions that assist developers
- Acts as an engineering advocate: uses common Cox Auto tools and technologies, beta-tests new Risk & Security initiatives, and provides feedback
Qualifications:
- Where permitted by applicable law, must be fully vaccinated against COVID-19 to be considered for this U.S. based job. (Reasonable accommodations for medical and religious objections will be considered.)
- BA/BS Degree, preferably formal studies in Computer Science, Software Engineering, Information Systems, or equivalent
- 5+ years of combined experience in Software Engineering, Risk, and Security
- Ability to read and write in Java or .NET and a scripting language
- Experience with two of the following:
  - static security analysis, linting, and code review
  - dynamic application security testing and manual application pentesting
  - threat modeling and secure design review
  - software component analysis and software supply-chain security
- Experience working with APIs and service-oriented capabilities
- Ability to work with and influence product, engineering, and architecture team members and leaders
- Ability to work in a fast-paced and dynamic environment
- Excellent organizational, project management, and follow-up skills
- Excellent communication, presentation, and reporting skills