We are seeking an experienced and highly skilled Principal Security Engineer to join our dynamic team. In this role, you will lead and drive the security strategy for our products and applications, ensuring they meet the highest standards of security and compliance. You will work closely with cross-functional teams to design, implement, and maintain robust security measures that protect our clients and their data. Additionally, you will play a crucial role in the development of security-related product features, integrating security at every stage of the product lifecycle.
Key Responsibilities:
- Security Strategy and Leadership:
  - Develop and implement the overall security strategy for our software products and applications.
  - Provide technical leadership and mentorship to the security engineering team.
  - Stay current with emerging security threats and industry trends to proactively address potential risks.
- Security Design and Architecture:
  - Collaborate with product managers, architects, and developers to design secure software features and architecture.
  - Conduct threat modeling, risk assessments, and vulnerability analysis for new and existing applications.
  - Define and enforce security best practices and standards throughout the software development lifecycle (SDLC).
- Product and Application Security:
  - Lead efforts to identify, assess, and remediate security vulnerabilities in our products and applications.
  - Implement and maintain security tools and technologies for continuous monitoring and protection.
  - Perform code reviews, penetration testing, and security audits to ensure compliance with security requirements.
- Development of Security-Oriented Product Features:
  - Drive the development of security-oriented product features, ensuring they are designed and implemented with the highest security standards.
  - Work closely with the product development team to provide security insights and guidance throughout the product lifecycle.
  - Evaluate and recommend new technologies and tools to enhance the security capabilities of our products.
- Incident Response and Management:
  - Develop and maintain incident response plans and procedures.
  - Lead investigations and response efforts for security incidents and breaches.
  - Conduct root cause analysis and implement corrective actions to prevent future incidents.
- Collaboration and Communication:
  - Work closely with other engineering teams, including DevOps and IT, to integrate security practices into all aspects of the development and deployment processes.
  - Communicate security risks, incidents, and mitigation strategies to stakeholders, including executive leadership.
  - Provide training and awareness programs to promote a security-conscious culture within the organization.
Requirements:
- Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
- 8+ years of experience in security engineering or a related role, with a focus on product and application security.
- In-depth knowledge of security principles, protocols, and best practices.
- Experience with security assessment tools, penetration testing, and vulnerability management.
- Strong understanding of software development methodologies, including Agile and DevOps.
- Proven experience in secure coding practices and the secure software development lifecycle (SDLC).
- Excellent problem-solving skills and the ability to think like an attacker.
- Strong communication and leadership skills, with the ability to influence and drive security initiatives across the organization.
This is an office-centric role, and you are expected to be present in the office for 4 days a week. The role may be eligible for incentive pay and/or equity.