Senior product security engineer

Job Description

The Senior product security engineer is responsible for leading and executing the Security Development Lifecycle (SDL) for Citrix On-Prem and Cloud products to ensure that our software meets the customer expectation of security robustness, as well as drive and execute SDL best practices and its integration with the CI/CD, Agile and Waterfall development models Duties and Responsibilities You will be responsible for leading and executing the Security Development Lifecycle (SDL) for Citrix On-Prem and Cloud products to ensure that our software meets the customer expectation of security robustness You will lead a team of security engineers for diverse types of product security related projects and workstreams You will drive and execute SDL best practices and its integration with the CI/CD, Agile and Waterfall development models You will create and deliver advanced security training and guidance to product engineers You will guide product development teams on design changes as per security requirements You will perform manual code review activities You will communicate technical issues within scope of assignment You will drive negotiation in the interest of security. You will conduct comprehensive reviews of specific security fixes, as necessary. You will conduct product penetration test in a non-disruptive way for IT/Cloud deployments, including exploit creation to demonstrate a proof of concept. You will validate the efficacy of defensive mechanisms, as well as the engineering adherence to security policies Basic Qualifications Have at least 6 years of experience in Security Engineering You have a Full-time degree in Engineering (Preferably Computer Science related) Must have good verbal and written communication skills; ability to communicate optimally and clearly with different stakeholders in engineering teams You are an expert in at least three of these areas in security -Web, Network, Cloud, Cryptography You are capable of writing exploits for vulnerabilities identified in those respective areas Deep understanding of application architecture and design principles Experience in design review and threat modelling activities Basic understanding of application of AI in security Enthusiasm for staying up to date with the latest updates about security threats and solutions You have solid understanding of most common software vulnerabilities and standard secure coding practices Have excellent capabilities to identify security vulnerabilities and root cause analysis Have proficiency in programming language(s) like C++, C#, . NET Have experience in analysing security mechanisms of browser and associated extensions Have working knowledge wrt different cryptographic schemes including but not limited to key generation , rotation , revocation, etc You also have proficiency in windows system Internals You have demonstrated understanding of Computer Science fundamentals (OS, Networks). Good to have certifications such as OSCP, OSCE, GPEN, CRTP etc