Product Security Engineer

at  Aras Corporation

Aras is looking for a Product Security Engineer who will be primarily responsible for conducting security analysis of our products, recommending security mitigations and remediations, and deriving the security requirements for the products. The focus of this position is the incident response and security analyst duties.

SKILLS/JOB REQUIREMENTS:

• Bachelor / Student in Engineering or Information Security.
• Experience with SAST, DAST, SCA, and penetration testing tools.
• Experience identifying and protecting against a web application and web service security vulnerabilities including those found in the OWASP Top 10 and SANS Top 25.
• Good knowledge of security concepts regarding software security.
• Good knowledge of the browser security model.
• Ability to gather written and verbal information from multiple sources, assess and consolidate risks to provide appropriate recommendations.
• Experience in developing test routines to validate security mitigations.
• Good documentation and communication skills.

PREFERRED QUALIFICATIONS:

• Relevant cybersecurity certifications.
• Scripting skills (i.e.: Python, shell scripts).
• Experience in software development.
• Experience with cloud IaaS security operations.

• Work closely with the product development teams and understand our products in-depth to analyze and document the security attack surface, trust boundaries, and data flows.
• Document and verify the existing security mitigations and identify if additional mitigations are required for our products.
• Work with the product development teams to guide mitigation development.
• Contribute to the development and implementation of security tests and verification protocols. Assist in conducting security verification and validation efforts.