1. Drive tailored SDL practice into specific engineering.
2. Consult architect on security requirements and utilize best practices to meet them.
3. Engage in application, platform and domain-specific threat modeling and attack surface analysis/reduction.
4. Engineer security solutions for cloud and embedded products, and plan and implement risk-mitigating security solutions.
5. Maintain a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development.
6. Implement security controls across the technology stack to meet security and compliance requirements for IaaS, PaaS, and SaaS.
7. Help prepare reports at appropriate levels of confidentiality for stakeholders to view.
8. Respond promptly and in detail to customer-sponsored penetration tests.
9. Promote best practices, design patterns, and standards through workshops, knowledge sharing, and code walk-throughs.
10. Build automation around testing tools and techniques.
11. Tailor communication to a variety of audiences and perspectives, and anticipate issues to prevent conflict.
12. Work with the Product teams and Cloud Infrastructure and Platform teams to lead initiatives and develop and build security utilities and tools that will enable Envision Digital to operate more securely.
13. Translate standards and regulatory-based controls for engineers so they understand what needs to be done.
14. Build and maintain a robust infrastructure/platform/product security roadmap to meet customer demands and regulatory mandates.
Required Qualifications:
1. Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) and/or 5 years of equivalent experience.
2. 2-4 years of experience in application/product security.
3. Good knowledge of CI/CD and experience working with automation tools (Git, Jenkins) and Infrastructure/Security as Code.
4. Good knowledge and experience working with virtual infrastructure and containerization technologies.
5. Good knowledge of web application penetration testing.
6. Experience with the application of risk identification and evaluation techniques.
Preferred Qualifications:
7. 2-4 years of experience in application/product security in a cloud environment.
8. Experience with a broad set of information security technologies and processes within IaaS, PaaS, and SaaS.
9. Communicating within the team and outside, including customers and other business units.
10. Experience working with hardening baselines such as those defined in CIS.
11. Experience in cryptography, network security or systems security.
12. Experience in embedded (Edge compute) security, IoT security and Operational Technology (OT) security.
13. Skilled at explaining complex technical issues in terms understandable by the business.
14. Excellent written and verbal communication skills, especially experience with executive-level communications.
15. Experience with web-based applications and/or web services-based applications, especially at massive scale.
Travel: Occasional travel is required (COVID pending)