Lead Product Security Engineer

As a Lead Product Security Engineer at REA Group, you will collaborate with delivery teams to implement solutions using various programming languages and cloud technologies. Your role will involve targeting improvements to existing software applications and systems, building capability, and fostering the culture of software custodianship at REA. You will also be responsible for implementing and maintaining security tooling in cloud deployments, CI/CD pipelines, networking, and monitoring to support business objectives. Your experience in software development security practices and collaboration skills will be essential in adapting and building plans to meet security objectives. Your key responsibilities will include: - Supporting and consulting with product and development teams for application security, including threat modeling and code reviews. - Designing, building, testing, and deploying changes to software to remediate security issues and integrate security tools. - Assisting teams in reproducing, triaging, and addressing application security vulnerabilities. - Developing security processes and automated tooling to prevent security issues. - Embedding security practices into the ways of working for product delivery teams. - Implementing, operating, and supporting security tooling, services, platforms, and patterns for IT delivery teams. - Advocating for security practices within developer and stakeholder communities. - Coaching and mentoring junior team members. Qualifications required for this role: - Demonstrated competency in technology and software engineering principles. - Experience with application security frameworks such as OWASP Top 10, ASVS, and NIST. - Knowledge of web technologies, common web frameworks, vulnerabilities, and mitigations. - Understanding of security thinking within the DevSecOps software development lifecycle. - Experience implementing application security tooling for CI/CD integrations. - Familiarity with DDoS, WAF, or anti-bot protection technologies. - Ability to make trade-offs between risk, reward, and prioritizing improvements. - Demonstrated growth mindset and ability to work in a fast-paced and agile environment. In addition, you should possess: - At least 8+ years of experience in application security and software development. - Skills in programming languages like Java, Python, TypeScript, Kotlin, and/or JavaScript. - Familiarity with infrastructure as code and build tools like Terraform and Buildkite. - Proficiency in modern software development techniques. - Experience in leading and coaching junior team members. Other skills that will be beneficial for this role: - Excellent communication and interpersonal skills. - Understanding of cloud infrastructure and technologies. - Tertiary qualification in Computer Science or similar. - Effective communication and collaboration with business stakeholders. - Ability to build successful professional relationships with key stakeholders and development teams.,