ABOUT THIS JOB
As a Product Security Engineer embedded in our engineering team you’ll work directly with your fellow engineers to protect customer data, protect our internet facing applications and assets and help create a solid security foundation in our GCP environment.
You’ll be a member of a team whose mission is to secure and continuously improve security at LiveRamp. We’re looking for someone who is a security subject matter expert and can be a primary point of contact for developers at LiveRamp.
You will solve security challenges by working directly with your fellow engineers and we will embed you within teams so we can balance feature development against security risk and architect solutions that allow us to deliver product quickly and securely.
Leave your ego at the door, roll up your sleeves and start solving huge challenges as soon as you begin.
A Day in the Life of a LiveRamp Product Security Engineer:
- Scrum with co-located application and infrastructure teams in San Francisco to review code and work through security challenges. Pair program with developers to remedy key issues.
- Document and continuously refine security best practices and standards. Develop deep understanding of our business and technology and recommend changes in process. Think holistically about security for LiveRamp.
- Partner with members of the Security org to work with LiveRamp technical leadership to provide status and reporting on the state of security across the entire LiveRamp application and corporate technical stack.
- Maintain and implement LiveRamp enterprise security policies, standards, procedures and guidelines.
- Perform and analyze Static Code Scans using Fortify to identify exposure to common security vulnerabilities. Aid development teams in the identification of false positives found in static analysis as well as observe code being executed for dynamic analysis.
- Threat model existing and future applications. Create frameworks that allow our teams to find flaws before they are introduced into production environments.
- Coordinate and conduct penetration tests on the LiveRamp environment, communicate the results to your fellow developers and executives and lead the efforts to remediate your findings.
- Follow your own muse and engineer whatever interests you in one of our four Hackweeks every year.
You are an ideal candidate if:
- You possess a strong understanding of GCP services and architectures
- You have 5 years of experience as a security engineer in a production environment.
- You want to help your fellow engineer deliver product and have a natural inclination to collaborate with development and infrastructure teams.
- You enjoy working as part of a team. You can think outside the box and come up with creative ways to solve a problem.
- You have working knowledge of Docker and Kubernetes security
- You have experience with Static code analysis tools such as HP Fortify and are comfortable collaborating with and educating Development teams to prioritize fixes.
- You have some level of experience with multiple programming languages (such as, Java, Ruby, Go, C++, Python, Perl, etc.)
- You have experience communicating security concerns and issues to non-technical audiences.
- Bachelor's Degree in Computer Science or similar field.
- Minimum 5+ years relevant experience
- Significant experience in at least one of Ruby, Go, or Java
- Experience building tools and processes to reliably identify security issues across large code bases.
- Expertise with web application security best practices.
- Relevant certification(s) such as CISSP, CEH, GIAC, etc. Alternatively, you are active in the Security community and attend and speak at conferences like Bsides, THOTCON and ShmooCon.
LiveRamp provides the identity resolution services and integrations that are the foundation for omnichannel marketing. Our services transform the technology platforms used by our customers into people-based marketing channels that improve the relevancy of marketing, and ultimately allow consumers to better connect with the brands and products they love.
LiveRamp is looking for engineers to secure our cloud based infrastructure and products. LiveRamp’s IdentityLink product is an identity resolution service that ties data to real people and makes it possible to use that data in a secure, privacy-safe way for marketing initiatives across any digital platform. We process billions of transactions on a daily basis and the companies we work with entrust us with their most sensitive data.