About the Role
As a Lead Product Security Engineer, you will:
Secure design, architecture, and implementation covering all steps of our Secure Software Development Life Cycle (S-SDLC).
Lead security projects (including security reviews, tool development, and creation of new security practices) with end-to-end ownership.
Lead and guide secure design discussions during threat modeling sessions and participate in risk assessments.
Create security guidance and documentation, including compliance as code.
Work closely with our Security Awareness team to provide first-class, interactive, and targeted application security training to our engineers.
Set a high standard for engineering quality and execution that leads to high quality product security artifacts to secure our products’ SDLCs.
About You
You’re a fit for the role of Lead Product Security Engineer if you have:
Engineer Empathy: You have a strong understanding of how developers work and are able to present security initiatives to developers in a way that leverages that understanding.
Knowledgeable in Application Security: You are passionate about application security, including secure coding, supply chain security, and SecDevOps.
Drive to continually improve: You are able to analyze current processes and procedures and determine ways to improve and increase efficiency.
Technical Skills:
Significant applied application security or cloud security experience.
Proven DevOps and cloud experience (Python/Golang, AWS preferred, Terraform).
Deep technical understanding of common security vulnerabilities and risks, as well as countermeasures and compensating controls.
Professional experience building security champions programs.
Professional experience building and reviewing threat models.
You have been around the block for all things SAST, DAST, and SCA, and you are able to cut through the noise to the true positives.
Proficiency in Python or Golang mandatory. You are an excellent scripter and can develop solutions dealing with remote APIs.
Experience in building secure CI/CD pipelines (GitHub Actions preferred). An all-things-as-code mindset to expand to security teams.
Understanding of application and cloud and other security frameworks such as OWASP’s, CIS and NIST CSF.
Ability to manage and prioritize between multiple tasks and projects.
Proven success collaborating with many product development groups to instill security.
Additional Skills:
Leadership experience (leading teams/projects, mentoring/coaching team members)
Strong Communication Skills (verbal, written, ability to influence others)
Learning Mindset (emerging technical trends, always learning)
Agile Methodology experience
Experience in secrets management a plus (Vault, CyberArk)
Experience with Veracode and Qualys a plus.
Bachelor’s Degree in computer science or related field and/or equivalent work experience
What’s in it For You:
At Thomson Reuters, our people are our greatest assets. Here are just some of the benefits we offer for your personal and professional growth:
Learning & Development:
Exposure to a wide breadth of leading-edge technology
Career growth: ability to work on multiple projects and/or with various teams
Professional growth and development opportunity through various training programs, conferences, networking events, in-house speaker series, access to Hackathons, Unconferences, Harvard ManageMentor and more
Benefits / Perks:
Health benefits
Savings / investment plans
Paid time off (including time off to volunteer and extended paid family leave)
Flexibility: We've been named as one of Forbes' Best Companies for Work/Life Balance
Global Opportunities: We have employees in over 90 countries, working across 3 different industries
Your wellbeing: We offer a program that focuses on making our lives healthier