**PERMANENT** Sr Product Security Specialist to Conduct thorough reviews of existing

Edmonton, Canada

Job posted on: 2024-10-24
 

Job details

  Sector: Automotive
  Specialty: Serv. - Service Attendant
  Schedule: To be determined
  Job type: Permanent

Job description

PERMANENT Sr Product Security Specialist to conduct thorough reviews of existing, new, and proposed products using a combination of source code, dynamic, and dependency scanners, supplemented by manual code reviews and security-focused architecture evaluations, for our large Fleet Management client.

Duration: PERMANENT

Location: Fully Remote (working on Eastern hours)

Responsibilities

 

  • Review existing/new/proposed products with a variety of source code, dynamic and dependency scanners, manual code reviews and security-based architecture reviews as required
  • Manually validate scanner findings by tracing source code across a variety of code bases (C#, .NET, Java, JS/TS/HTML, Swift, Kotlin, Python, C, firmware; not all required) and provide developer-level suggestions for code remediation.
  • Explain risk assessments at both the developer (technical) and management (non-technical) levels.
  • Write and maintain scripts/code (Bash and Python) to generate scan input packages, automate security scanner execution, and integrate scanners with CI pipelines and Google Cloud storage and reporting mechanisms.
  • Update scanning scripts quickly, and refactor as needed.
  • Contribute to secure coding standards (involves developing secure coding training for current and future developers).
  • Perform technical writing of assessment reports and vulnerability descriptions for product owners and developers.
  • Look at the bigger picture and question whether the coverage is sufficient, and if not, make recommendations to address coverage gaps.
  • Follow through to prevent things from falling through the cracks. Prioritize work that benefits the team. Escalate issues in a timely manner.
  • Support Geotab global strategic initiatives.


MUST HAVES

 

  • 3-5 years of experience with security evaluation/analysis and security code reviews
  • Experience using source code, dynamic and dependency scanners (e.g. Veracode, Fortify, Sentinel, OWASP dependency, Netsparker, Qualys, etc.)
  • Can evaluate security tools, identify their strengths and weaknesses, and make recommendations about tools, configuration
  • Knowledge of programming languages (e.g. C, C#, .NET, Python, JavaScript/TypeScript); web service technologies (e.g. XML, JSON, SOAP, and REST); dependency package managers such as npm and NuGet, and how they are specified in code.
  • Ability to pick up new programming languages quickly.


If you have any questions, comments or concerns, please call our Customer Service at (514) 321-2888.