Senior Product Security Engineer
hace 4 semanas
Overview
Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the understanding and management of experience for candidates, customers, employees, patients, citizens and residents.
We are more than a software company. We want to be known as a company that does the right thing, no matter the challenge or controversy. We are committed to creating a culture that values every person and every experience. Individual life experiences shape the way we interact with the world, which is why we encourage people to bring their whole selves to work each day. The strength of our global workforce is the most significant contributor to our success.
We believe: Every Experience Matters. Talent is Everywhere. All Belong Here.
At Medallia, we hire the whole person.
The Role and Team
At Medallia, the Product Security team’s mission is to build customer trust in Medallia’s products by setting the standards and principles for secure development and validating our security through continuous assessment.
At Medallia, we feel very strongly about protecting our clients’ information, and are looking for like-minded engineers to solve complex security challenges while enabling the rapid growth of the business globally. This Product Security role is a key role to maturing our security program within the development lifecycle of our product portfolio and offers tremendous growth opportunities at a security conscious company on a high growth trajectory. As Medallia becomes a trusted partner to organizations across the globe and spanning several industry verticals, it is more important than ever that we continue to stay a step ahead in securing our applications, services and data.
The Senior Product Security Engineer role will work closely with our global engineering teams and ensure that we build secure and robust software in the world of SecDevOps and Agile. We are looking for a candidate who is passionate about security, has a strong technical background and loves creating innovative solutions to challenging problems.
Our Engineering Culture:
- We don’t expect to be perfect, but we are always proactively seeking out ways to help ourselves and our teams to minimize pain points within our infrastructure and code base.
- We love technology and follow the latest technologies and sharing what we learn.
- We are not afraid of failing when we are experimenting with different technologies, development methodologies, and toolings.
- We build strong relationships with team members around the globe and are not afraid to challenge our team members and peers on enforcing good habits and best practices.
Some High-level Areas We’re Investing In Include:
- Implementing RASP (Runtime Application Self-Protection) for all Medallia products
- Scale proactive security controls to new environments (e.g. acquisitions).
- Application Security posture management (ASPM)
- API Security
Responsibilities
- Perform application security assessments including architecture review, threat modeling, code review and penetration testing, Bug Bounty triaging on both web and mobile (iOS, Android, and React Native) platforms.
- Assist and enable engineering teams to adopt secure development practices.
- Provide software security advice to cross-functional teams including product, engineering, and services.
- Create and refine the Security Champions Program to align with Medallia’s security goals and objectives.
- Extensive development experience to write automation scripts, conduct in-depth code reviews, identify and address security vulnerabilities, and integrate security features into the application lifecycle.
- Work closely with engineering and product teams to drive security issues to resolution.
- Develop and mature software security guidance including training materials, best practices, secure development standards, etc.
- Automate security testing at scale by building and implementing static (SAST), dynamic analysis tools (DAST), SCA, and integrating security into the software development lifecycle using CI/CD process.
- Employ knowledge and deep understanding of the threat landscape, SaaS industry, and customer feedback to drive the pipeline of impactful security features.
Qualifications
Minimum Qualifications:
- 4 years of experience with software security assessments and remediation in Java (or other object-oriented languages)
- Demonstrated experience in at least two of the following areas: architecture review/threat modeling, penetration testing, and static code analysis automation
- Demonstrated experience with tools and technologies used throughout secure SDLC (e.g., Checkmarx, Fortify SCA, Coverity, AppScan Standard/Enterprise, WebInspect, Netsparker, Burp Suite, Nessus, etc.)
- Have set-up or supported bug bounty programs.
- Advocated for security within teams by clearly articulating security risks and mitigation strategies, ensuring that security considerations are prioritized in product development and operational processes.
- Developed comprehensive security documentation, including threat models, security coding practices. Ensured documentation was clear, accurate, and useful for both technical and non-technical stakeholders.
Preferred Qualifications:
- 5+ years of experience with software security assessments and remediation in Java (or other object-oriented languages)
- Independent problem-solving capabilities and excellent communication skills
- Drive to take ownership of projects and drive resolution without close supervision
- Proven ability to work collaboratively across and within teams
- CISSP or CSSLP certification
- Knowledge of OSS scanning tools like Black Duck, SRC:CLR, Defensics, Snyk
- Knowledge of Node.js or any modern JS framework (such as React.js), or with native mobile development
- Knowledge of popular web development frameworks (AngularJS, React, Redux, Velocity, StringTemplate, jQuery, Jackson, THRIFT, etc.)
- Proficiency with Python, Ruby, or other scripting languages
- Knowledge of microservices architecture and containers
- Experience working in a compliance-focused environment Knowledge of FedRAMP (Federal Risk Authorization Management Program)
- Knowledge of FISMA (Federal Information Systems Management Act)
At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or any other applicable status protected by state or local law. Individuals with a disability who need an accommodation to apply please contact us at For information regarding how Medallia collects and uses personal information, please review our Privacy Policies.
#LI-LR1
#J-18808-Ljbffr-
distrito federal, México Fleming Farms Senior Living A tiempo completoAbout the Role We are seeking a highly skilled Senior Cyber Security Network Engineer to join our team at NielsenIQ. As a key member of our security team, you will be responsible for maintaining and enhancing our network security posture, ensuring the confidentiality, integrity, and availability of our data and systems. Key Responsibilities Design,...
-
Senior Security Engineer
hace 4 semanas
distrito federal, México Thomson Reuters A tiempo completoAs a Senior Security engineer within Information Security and Risk Management (ISRM) Product Security, you will join us on our mission to bring frictionless and continuous security to our engineering teams who build our products to securely Inform The Way Forward. We promise you won’t be bored with all our bold security engineering initiatives! You will be...
-
Senior Product Security Engineer
hace 3 semanas
distrito federal, México Medallia A tiempo completoOverview Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the understanding and management of experience for candidates, customers, employees, patients, citizens and residents. We are more than a software company. We want to be known as a company that does the...
-
Senior Cyber Security Platform Engineer
hace 4 semanas
distrito federal, México Refinitiv A tiempo completoSenior Cyber Security Platform Engineer About the Role: Delivers high quality solutions across cyber security functions including, but not limited to: threat detection, cyber threat intelligence, network security, incident response, insider threat prevention, defensive platforms and engineering, vulnerability management, and attack surface reduction.Drives...
-
Senior Cyber Security Platform Engineer
hace 13 horas
distrito federal, México Refinitiv A tiempo completoSenior Cyber Security Platform Engineer About the Role: Delivers high quality solutions across cyber security functions including, but not limited to: threat detection, cyber threat intelligence, network security, incident response, insider threat prevention, defensive platforms and engineering, vulnerability management, and attack surface reduction.Drives...
-
Cloud Security Engineer
hace 2 días
distrito federal, México The MBA Fund A tiempo completoJeeves is a groundbreaking financial operating system built for global businesses that provides corporate cards, cross-border payments, and spend management software within one unified platform. The company operates across 20+ countries including Brazil, Canada, Colombia, Mexico, the United Kingdom, across Europe, and the United States, and serves over 5,000...
-
Product Security Architect
hace 1 semana
distrito federal, México Mindbody A tiempo completoWe're revolutionizing the fitness & wellness industry, and we're looking for talented people to help us do it. Mindbody + ClassPass bring together the best of both sides of the market: Mindbody is the industry's most trusted all-in-one technology platform; ClassPass is one of the most popular apps for fitness & self-care enthusiasts. Together we're...
-
Senior Specalist
hace 4 días
distrito federal, México MX003 Marsh And Mclennan Servicios S.A. De Cv A tiempo completoDescription : MMC is seeking candidates for the following position based in the Mexico City office and be onsite 3 days a week: Senior Specialist Application Security. What can you expect? The Application Security Engineer will act as a security advisor to various teams across MMC. Develop code samples and prototypes. We will count on you to: Review...
-
Cyber Security Engineer
hace 1 semana
distrito federal, México Advent Infotech LLC A tiempo completoCyber Security Engineer: As a Cyber Security Engineer, you will be responsible for safeguarding an organization's computer networks and systems. You will utilize your expertise in cybersecurity principles, practices, and tools to protect sensitive data, prevent unauthorized access, and mitigate potential security threats. Your role will involve designing,...
-
Lead Security Engineer
hace 1 semana
distrito federal, México HERE Technologies A tiempo completoJoin Us to Shape the Future of Digital Security at a Global Scale! As a Lead Security Engineer, you will be at the forefront of safeguarding our critical infrastructure and data. Your role involves dynamic challenges including: Security Incident Analysis and Resolution : Leverage your expertise to manage and resolve security incidents from diverse sources...
-
Application Security Engineer
hace 4 semanas
distrito federal, México PepsiCo Deutschland GmbH A tiempo completoOverview Are you ready to shape the future of secure applications at PepsiCo? PepsiCo’s Global Application Security Program is at the forefront of integrating automated security testing into our CI/CD pipelines and ensuring continuous monitoring to identify and manage security risks. As an Application Security Engineer, you will be responsible for driving...
-
Information Security Engineer
hace 4 semanas
distrito federal, México Bishop Fox A tiempo completoBishop Fox Bishop Fox, the leader in offensive security, continuous pen testing, red teaming, attack surface management, and traditional security assessments. Bishop Fox is the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application...
-
Senior Cyber Security Network Engineer
hace 4 semanas
distrito federal, México NielsenIQ A tiempo completoNielsenIQ is working toward a position of greater maturity within the Network Security technology domain. This position will be responsible for maintaining current technologies while working toward implementing more sophisticated means of visibility and control of network traffic. You will be supporting programs across all geographies and business units. Job...
-
Lead Security Engineer
hace 13 horas
distrito federal, México HERE Technologies A tiempo completoHERE Technologies HERE is a PaaS for building, deploying and scaling location solutions. Create custom maps, visualize location datasets, gather insights and buy and sell location assets. Join Us to Shape the Future of Digital Security at a Global Scale! As a Lead Security Engineer you will be at the forefront of safeguarding our critical infrastructure...
-
Senior Cyber Security Network Engineer
hace 4 días
distrito federal, México NielsenIQ A tiempo completoNielsenIQ is working toward a position of greater maturity within the Network Security technology domain. This position will be responsible for maintaining current technologies while working toward implementing more sophisticated means of visibility and control of network traffic. You will be supporting programs across all geographies and business units. Job...
-
Senior Process Engineer
hace 4 semanas
distrito federal, México The Chemical Engineer A tiempo completoDESCRIPTION At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to...
-
Senior DevSecOps Engineer
hace 2 semanas
distrito federal, México Luxoft A tiempo completoProject description Application Modernization Practice is a horizontal practice, supporting all business verticals in Luxoft. We are looking for a Senior DevSecOps Engineer who will be able to work with various projects. Responsibilities Implement security measures throughout the cloud migration process to ensure compliance with industry standards and best...
-
Senior Security Operations Engineer
hace 1 semana
distrito federal, México Medallia A tiempo completoOverview Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the understanding and management of experience for candidates, customers, employees, patients, citizens and residents. We are more than a software company. We want to be known as a company that does the...
-
Application Security Engineer
hace 4 semanas
distrito federal, México Udemy A tiempo completoAt Udemy, we’re on a mission to transform lives through learning. Through our intelligent skills platform and a global community of instructors, we’ve helped over 70 million learners and 16,000 organizations achieve their goals. Come join us in ensuring everyone, everywhere has access to the skills they need to unlock their potential and create...
-
Security Engineer
hace 4 días
distrito federal, México SUSE A tiempo completoAbout Us Always open. Our code, our culture, our opportunities. Leading open innovation without limits. We are SUSE. SUSE is a global leader in innovative, reliable and secure enterprise open source solutions, including SUSE Linux Enterprise (SLE), Rancher and NeuVector. More than 60% of the Fortune 500 rely on SUSE to power their mission-critical...
