Senior Product Security Engineer

Full Time
4 months ago
Joining Collibra’s Product Security team
  • You will identify vulnerabilities and provide remediation consulting for our product development teams. You will work closely with assigned development teams to understand the products and features they support and work to ensure Collibra continues to deliver secure products and services to our customers.
  • You will be an application security evangelist incorporating best practices into Collibra software and processes.
Product Security Engineers at Collibra are responsible for
  • Application security for products and/or features supported by your assigned development teams.
  • Performing security testing and triaging findings identified by SAST, SCA, IAST, DAST, and penetration tests.
  • Providing remediation consulting services to assigned development teams.
  • Assist with vulnerability management reporting and tracking.
  • Coordinating third-party penetration testing engagements, analyzing reports, and opening tickets for remediation.
  • Contribute to the configuration and management of security tools.
You have
  • 5+ years of application/product security experience.
  • 2+ years of experience securing Java, Python, and/or JavaScript web applications.
  • Knowledge of enterprise-level software architecture components and cloud infrastructure.
  • Experience building trusted advisor relationships with engineers, product owners, and engineering management (up to director level).
  • Experience advocating for the remediation of application security risk and, simultaneously, the associated development/engineering team(s).
  • A bachelor’s degree or equivalent related working experience is required.
  • Because this role supports the US government, it is required that this candidate be a US citizen who resides on US soil.
You are
  • knowledgeable of CICD concepts and experience with integrated SAST, SCA, and DAST tooling.
  • Proficient at triaging application vulnerabilities associated with source code, open-source library dependencies, and 3rd party containers.
  • Able to assess and communicate the impact of Common Vulnerability Weaknesses (CVEs) on custom application software and advise on risk acceptance/deferment for false positive scenarios, severity adjustments, and acceptable reasoning for operational requirements.
  • Experienced in executing as a matrixed/embedded security resource (within a development team) responsible for product, application, or feature group vulnerability assessments, ensuring they are appropriately enumerated and executed.
  • Possess a working knowledge of Python, Java, and/or JavaScript software development languages.
  • Experienced in Linux and containerization in a cloud environment.
  • Experienced in communicating the impact of security vulnerabilities to engineering teams and product leaders.
  • Experienced in using SAST, DAST, and SCA tooling.
  • Experienced in being a point of contact for outside/3rd party security assessments (pen tests, questionnaires, etc.).
  • knowledgeable of vulnerability management concepts, challenges, and reporting.
  • Possess a working knowledge of the OWASP Top 10 and can explain its concepts to a diverse audience of engineers and people leaders.
Measures of success
  • Within your first month, you will absorb fundamental knowledge about Collibra processes/tools and SDLC.
  • Within your third month, you will own application security engineering tasks for one or more development teams responsible for product features.
  • Within your sixth month, you will be responsible for managing triaging efforts for 3rd party pen testing and be able to resolve customer product security inquiries independently.
Compensation for This Role

The standard base salary range for this position is $152,000.00 - $190,000.00  per year. This position is not eligible for additional commission-based compensation. Salary offers are based on a combination of factors, including, but not limited to, experience, skills, and location.

In addition to base salary, we offer equity ownership at every level, bonus potential, a Flex Fund monthly stipend, pension/401k plans, and more.

Benefits at Collibra

Collibra recognizes and values that everyone has different needs, interests, and life goals. We built our {Be}well benefits program with flexibility in mind to support you and your loved ones through a diverse range of circumstances and life events. These flexible offerings sit on a foundation of competitive compensation, health coverage, and time off.

Professional Development

Collibrians are ambitious and inventive, and we want to develop our skills individually and as a team. You’ll have access to development opportunities, as well as other rewards and recognition programs to help grow your career.

Health Coverage

We strive to remain locally competitive and globally equitable. This means comprehensive offerings including medical, dental, vision, and mental health benefits for you and your family.

Paid Time Off and Flexibility

We provide unlimited paid time off, global leave policies for a variety of personal and family circumstances, company-wide wellness days off throughout the year, meeting-free Wednesdays, and a flexible culture to help balance your work and your life.

Diversity, Equity, and Inclusion

We create inclusion and belonging through how we onboard, meet, connect, engage, and communicate. Learn more about diversity, equity, and inclusion at Collibra.

Learn more about Collibra’s benefits.

At Collibra, we’re proud to be an equal opportunity employer – which ties directly to our core value, “open, direct, and kind.” We realize the key to creating a company with a world-class culture and employee experience comes from who we hire and creating a workplace that celebrates everyone. 

With this, we proudly consider qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sexual orientation, pregnancy, sex, gender identity, gender expression, genetic information, physical or mental disability, HIV status, registered domestic partner status, caregiver status, marital status, veteran or military status, citizenship status or any other legally protected category. If you have a need that requires accommodation, let us know by completing our Accommodations for Applicants form.

#LI-AC1