About The Role
Safe Software is looking for a Product Security Engineer who is interested in becoming part of one of the fastest growing data integration companies in the world! As a Product Security Engineer on the Security team, you will develop and test security best practices and standards, processes and guidelines, and lead efforts to mitigate emerging threats to support the development and integration of Safe’s FME software products.
This role can be based remotely anywhere within Canada and will report into our headquarters based in Surrey, BC, Canada.
Employment is contingent on the successful completion of reference checks and a criminal record check or enhanced background check prior to final offer.
About the Team
The Security team oversees all aspects of security at Safe Software. They work collaboratively with IT Operations, Developers, Product Managers, Human Resources, Legal, Vendors, and other stakeholders to ensure that we are meeting and exceeding security standards across the organization.
As Product Security Engineer, you will be spearheading initiatives to support the secure development and integration of FME software: including our Desktop, Server, Cloud products, mobile applications, and our public website. You will be both hands-on technical and influential, where you will have the opportunity to directly collaborate with cross-functional teams to drive security throughout the entire product.
What You'll Be Doing
- Perform software security reviews, assessments and threat modeling on application design and code to identify vulnerabilities.
- Develop pragmatic recommendations and solutions to known and unknown risks.
- Provide expertise in the implementation of risk management strategies within development practices.
- Document and train developers on recommended technologies, controls and processes.
- Research latest application security tools, standards, and best-practices and ensure they are applied.
- Resolve security related issues with the development team with a lens of continuous improvement to understand and adapt to changing threats and techniques.
- Recommend, develop and enforce security and data governance standards in line with security requirements.
- Collaborate with stakeholders to define/refine and implement corporate security policies and ISO 27001 standards.
Qualifications, Skills, and Competencies
- Bachelor's degree in Computer Science, Computer Information Systems or a related degree.
- 3+ years experience in a related role.
- Understanding of application (security) architecture and secure software development life cycle principles.
- Experience with threat modeling and / or security threat risk assessments.
- Understanding of tactics, techniques, and procedures used by threat actors against vulnerabilities within software’s authentication and authorization, cryptography, or business logic mechanisms.
- Understanding of industry-leading cybersecurity frameworks (NIST, OWASP, SOC, BSIMM, SAMM, etc.)
- Excellent communication and interpersonal skills.
- Strong time management and organization skills.
- Able to work independently and in a team environment.
- Cross platform experience. (Windows, Linux, MacOS).
- Experience with any of the following technical disciplines: cloud security, network security, cryptography, mobile application security, software development and coding, identity management, authentication and authorization, network architecture, and systems engineering
- Experience with multiple programming languages (C++, Java, Python, and/or Ruby) in both development and code review
- Understanding of the U.S. Federal Information Processing Standards (FIPS)
- Familiarity with the NIST Secure Software Development Framework (SSDF), PCI Secure SLC Standard, and/or OWASP Application Security Verification Standard (ASVS)
- Security certification such as CompTIA Security+/CySA+, CSSLP (Certified Secure Software Lifecycle Professional), CCSP (Certified Cloud Security Professional).
Base Salary: $83K - $105K per year
Life At Safe
At Safe, you’ll find a community of passionate and innovative people who thrive on working together as a team to push our vision forward.
While we take our work seriously, Safe is committed to encouraging work-life balance. With extra paid time off during the holidays and plenty of lunchtime sports to join, Safers are able to stay happy and healthy year-round. All Safers have the opportunity to grow with access to a learning and development budget, give back to their community with volunteer time, and get to know each other better with annual team-building events. This way, all Safers are able to innovate, support each other, and have some fun along the way.
When you join Safe, you’ll get your own laptop along with a new hire welcome package complete with Safe swag, of course. Currently, you’ll be working remotely along with the rest of the team due to COVID-19. On your first day, you’ll receive an orientation and meet your team to get role-specific training. After that, feel free to join any virtual activities like trivia, virtual coffee chats, or team games!
About Safe Software
Safe Software is the creator and developer of FME — the data integration platform with the best support for spatial data worldwide. Over 10,000 organizations around the world use FME in industries like AEC, government, utilities, and transportation to maximize the value of their data.
Founded in 1993, Safe is headquartered in Surrey, BC with over 190 team members and counting. We’re always looking for talented individuals with diverse backgrounds who are determined to learn and grow. Are you ready to join the team?
Our Commitment to Diversity and Inclusion
Safe Software is an equal opportunity employer and we truly believe that innovation and strength begin with diversity and inclusion. We welcome all candidates regardless of race, gender identity or expression, sexual orientation, age, ability, disability, national or ethnic origin, political belief, religion, or family status. Should you require accommodations during the recruitment process, please contact firstname.lastname@example.org.