Product Security Engineer I
About the Team
At Sovrn, the Security team’s mission is to drive a culture where all Sovrn teams actively work together to ensure the security of our employees, data and platforms in order to empower our Publishers with services they can trust.
About the Job
Sovrn is currently seeking a Product Security Engineer to help implement product security policies and controls. You will work with other members of the security team along with the product development teams to institute secure development practices. The right candidate will grow an existing understanding of security concepts into a broad skill set across multiple technologies and will have a passion for security. The goal of Security engineering is to empower our product and development teams to create secure platforms through education and automated testing. This role is a key participant in the culture to create a collaborative partnership across software, data, reliability, and quality engineering teams.
What You’ll Be Doing:
- Manage platforms to surface product vulnerabilities and work with the teams to remediate
- Coordinate training for security awareness and secure SDLC processes
- Implement security processes and tools for risk reduction and mature our product security
- Coordinate threat modeling exercises with the product teams to surface issues before and after
- Work with QA and Corp Security to coordinate remediation efforts identified from vulnerability scanning
- Participate in all product inceptions to ensure security measures are being considered from the beginning
- Coordinate the implementation of identified controls
- Participate as a member of the Sovrn Security Champions Program
- Maintain and publish security-focused KPIs
- Support Enterprise Compliance Program and Customer Success Teams as needed
About You
You are a self-starter and able to learn quickly with support from mentors and peers. You enjoy being part of a collaborative team but are also independently responsible. Technical challenges and solving problems with your team to make better software get you excited. You are comfortable in an educating role that outwardly evangelizes security to all levels within the organization. You are a firm believer that the engineering team owns the quality of the product and designs with this in mind. You work to automate all the things so you can spend more time on what matters most. Above all, you are security minded and excited about technology with a curiosity to learn.
The successful candidate will have:
- A creative yet analytical mindset with problem-solving skills.
- General understanding of fundamental application security concepts to include:
- Risk and vulnerability management
- Understanding of DevOps and Reliability Engineering practices.
- Understanding of SDLC
- Must be able to coordinate with teams to implement processes
- Ability to understand and translate compliance obligations into technical solutions
- Ability to promote and demonstrate the value of building secure environments
- Quickly establish trust and rapport with key stakeholders
- Excellent communication and collaboration skills.
- Passion for security
Bonus Points:
- Experience with software development or scripting languages.
- Experience with Agile/JIRA.
- Experience with cloud technologies (AWS, GCP, Azure).
- Experience with automation configuration tools (Ansible, Puppet, Chef, etc.).
This position reports to: VP, Technical Operations
Location: Boulder, Colorado
We understand that no candidate is perfectly qualified for any job. Experience comes in different forms; many skills are transferable; and passion goes a long way. Even more important than your resume is a clear demonstration of accountability, impact, and the ability to thrive in a fluid and collaborative environment. We expect you to learn new things in this role, and we encourage you to apply if your experience is close to what we're looking for.
About Sovrn
Publishers create the content the world depends on for education, entertainment, and commerce. Sovrn provides products and services to tens of thousands of online publishers to help them grow, operate their business, understand their readership, and manage consumer data. Sovrn is headquartered in Boulder, Colorado with offices in San Francisco, New York, and London.
With 10,000 customers deploying one or more products across 30,000 websites, Sovrn reaches 200M consumers across more than 3.5B pageviews every day. Sovrn has been a leader in online publisher technology since its founding, and has been recognized by IAB, JICWEBS, and TAG for its role in combating advertising fraud and promoting pro-transparency initiatives. Sovrn is dedicated to helping content creators do more of what they love, and less of what they don’t.
Sovrn Core Values: Candid, Customer Empathy, Learning, Scrappy, Second Order Thinking
Compensation and Benefits
In accordance with the Colorado Equal Pay for Equal Work Act, the approximate compensation range for this role in Boulder, Colorado is $105,000 to $134,500, including base salary and any related bonuses or commissions. Final compensation for this role will be determined by various factors such as a candidate's relevant work experience, skills and certifications.
Sovrn offers a full slate of benefits from competitive salaries, stock options, medical, dental and vision coverage, short- and long-term disability, life insurance, 11 paid holidays, flexible vacation, commuter benefits, a 401(k) plan and match, and a paid parental leave program.
Equal Opportunity Employer
Sovrn is proud to be an Equal Opportunity Employer and provides equal employment opportunities to all employees and applicants regardless of race, color, religion, gender, gender identity, age, national origin, disability, parental or pregnancy status, marriage and civil partnership, sexual orientation, veteran status, or any other characteristic protected by law. Reasonable accommodations will be made to meet the requirements of the Americans with Disabilities Act and will be provided as requested by candidates taking part in all aspects of the selection process.
Recruitment Agencies
Sovrn does not accept agency resumes. Please do not forward resumes to our jobs alias or Sovrn employees. Sovrn is not responsible for any fees related to unsolicited resumes.