About the Team

At Sovrn, the Security team’s mission is to drive a culture where all Sovrn teams actively work together to ensure the security of our employees, data and platforms in order to empower our Publishers with services they can trust. 

About the Job

Sovrn is currently seeking a Sr. Product Security Engineer to help develop and implement product security policies and controls. You will work with other members of the security team along with the product development teams to institute secure development practices. The right candidate will rely on a broad skill set across multiple technologies and will have a passion for security. The goal of Security engineering is to empower our product and development teams to create secure platforms through education and automated testing. This role is a key participant in building a culture of collaborative partnership across software, data, reliability, and quality engineering teams.

What You’ll Be Doing:

  • Manage platforms to surface product vulnerabilities and work with the teams to remediate 
  • Coordinate training for security awareness and secure SDLC processes
  • Implement security processes and tools for risk reduction and mature our product security 
  • Conduct threat modeling exercises with the product teams to surface issues before and after 
  • Work with QA to automate detection and notification of issues with code
  • Participate in all product inceptions to ensure security measures are being considered from the beginning
  • Participate in product prioritization meetings to champion security initiatives
  • Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks
  • Coordinate and perform secure SDLC awareness and training activities
  • Participate as a member of the Sovrn Security Champions Program
  • Maintain and publish security-focused KPIs
  • Support Enterprise Compliance Program and Customer Success Teams as needed
  • Partner with the organization to provide automated deployments of architected solutions
  • Provide technical and architectural/vision alignment guidance to and mentor junior team members

About You

You are a self-starter and able to get the job done without direct supervision. You enjoy being part of a collaborative team but are also independently responsible. Technical challenges and solving problems with your team to make better software get you excited. You are comfortable in an educating role that outwardly evangelizes security to all levels within the organization. You are a firm believer that the engineering team owns the quality of the product, and you design with this in mind. You work to automate all the things so you can spend more time on what matters most. Above all, you are security minded and excited about technology with a curiosity to learn.

The successful candidate will have:

  • Ability to lead problem definition, solution designs, and define implementation work plans
  • Professional working experience in an automation engineering role
  • Understanding of DevOps and Reliability Engineering practices
  • Experience with cloud technologies (AWS, GCP, Azure)
  • Experience with automation configuration tools (Ansible, Puppet, Chef, etc.)
  • Experience deploying cloud services, monitoring, alerting, and handling critical issues
  • Industry recognized professional certification(s) such as CSSLP, CASE, etc.
  • Strong understanding of fundamental application security concepts - OWASP, etc.
  • Must be able to coordinate with teams to implement processes
  • Ability to understand and translate compliance obligations into technical solutions
  • Ability to promote and demonstrate the value of building secure environments 
  • Quickly establish trust and rapport with key stakeholders 
  • A creative yet analytical mindset with problem-solving skills
  • Excellent communication and collaboration skills.
  • Ability to understand business domains and translate to security services
  • Passion for security

Bonus Points:

  • Recent experience in a development role
  • Experience with Agile/JIRA.
  • AWS Security Fundamentals, GCP Associate Cloud Engineer (or equivalent)
  • CompTIA Security+, Network+, A+

This position reports to: VP, Technical Operations

Location: Boulder, Colorado

We understand that no candidate is perfectly qualified for any job. Experience comes in different forms; many skills are transferable; and passion goes a long way. Even more important than your resume is a clear demonstration of accountability, impact, and the ability to thrive in a fluid and collaborative environment. We expect you to learn new things in this role, and we encourage you to apply if your experience is close to what we're looking for.

About Sovrn

Sovrn provides products and services to thousands of online publishers to help them understand, operate and grow their business. Sovrn is headquartered in Boulder, Colorado, with offices in New York, San Diego and London. 

With thousands of customers deploying advertising, affiliate marketing, and data products across 40,000 websites, Sovrn reaches over 300 million active consumers across more than 11 billion pageviews every day. Sovrn has been a leader in online publisher technology since its founding and has been recognized by IAB, JICWEBS, and TAG for its role in combating fraud and promoting pro-transparency initiatives. Sovrn is dedicated to helping content creators do more of what they love, and less of what they don't.

Sovrn Core Values: Candid, Customer Empathy, Learning, Scrappy, Second Order Thinking

Compensation and Benefits

In accordance with the Colorado Equal Pay for Equal Work Act, the approximate compensation range for this role in Boulder, Colorado is $125,000 to $160,000, including base salary and any related bonuses or commissions. Final compensation for this role will be determined by various factors such as a candidate's relevant work experience, skills and certifications.

Sovrn offers a full slate of benefits from competitive salaries, stock options, medical, dental and vision coverage, short and long term disability, life insurance, 11 paid holidays, flexible vacation, commuter benefits, a 401(k) plan and match, and a paid parental leave program.

Equal Opportunity Employer 

Sovrn is proud to be an Equal Opportunity Employer and provides equal employment opportunities to all employees and applicants regardless of race, color, religion, gender, gender identity, age, national origin, disability, parental or pregnancy status, marriage and civil partnership, sexual orientation, veteran status, or any other characteristic protected by law. Reasonable accommodations will be made to meet the requirements of the Americans with Disabilities Act and will be provided as requested by candidates taking part in all aspects of the selection process. 

Recruitment Agencies

Sovrn does not accept agency resumes. Please do not forward resumes to our jobs alias or Sovrn employees. Sovrn is not responsible for any fees related to unsolicited resumes.
