About the position
As a Product Security engineer at Sigma, you will play a crucial role in ensuring the security of our data analytics products. In this role, you'll have the opportunity to see the big picture and engage in activities that span offensive security testing and architecture review, collaborating closely with product and engineering teams to build secure and resilient solutions. This is a hands-on role that demands understanding of attack vectors, a proactive approach to finding vulnerabilities, and the ability to work strategically to influence security architecture and design. Your primary goal will be to identify and mitigate security risks, establish robust security practices, and ensure compliance with relevant security standards and regulations. You will be encouraged to write blogs, speak and join security events to talk about the work you are doing and how other companies can utilize it to better analyze their security data.
Responsibilities
- Conduct offensive security activities including red teaming, blackbox penetration testing, and vulnerability research and improve defensive blue team capabilities.
- Perform comprehensive penetration testing on SaaS applications, and cloud infrastructure.
- Collaborate with Engineering and Product teams to integrate security best practices into the software development lifecycle (SDLC).
- Perform threat modeling / data flow diagramming / design risk analysis/ security assessments, code reviews in partnership with business partners, providing guidance that balances security requirements with functional requirements.
- Shape the security architecture to preemptively thwart attacks.
- Work on incident response efforts related to product security incidents and breaches.
- Communicate and collaborate with partner teams, service owners, Information Security, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings.
- Promote and grow culture of security within product engineering teams & design, build and operate uniform scalable security policies and controls for our entire product surface.
Requirements
- Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degree preferred.
- Proven experience in offensive security roles such as red teaming, penetration testing, or ethical hacking.
- 4+ years of experience in Product security, with a proven track record in designing, implementing, and managing security programs for cloud-based platforms at Product companies.
- 2+ years of experience in a penetration testing or similar offensive security role.
- Expertise with secure software development practices, including threat modeling, code review.
- Familiarity with programming languages such as Golang, Rust, Typescript, Python or similar.
- Proficiency in security tools and technologies, such as static and dynamic analysis tools, penetration testing tools, and vulnerability scanners.
- Strong technical background in security architecture, CI/CD enablement, cryptography, network security, and application security.
- Good understanding of cloud computing technologies and security principles, particularly in AWS, Azure, or GCP environments.
- Relevant Security Certifications like OSCP or similar is a plus.
Benefits
- Equity
- Generous health benefits
- Flexible time off policy. Take the time off you need!
- Paid bonding time for all new parents
- Traditional and Roth 401k
- Commuter and FSA benefits
- Lunch Program
- Dog friendly office
