Product Security Engineer

at  Entrust Datacard

Career Growth, Flexibility and Collaboration!
Entrust is dedicated to keeping the world moving safely by enabling trusted identities, payments, and data protection around the globe. Headquartered in Minnesota, we offer our colleagues the ability to work globally, in a flexible and collaborative environment. Our team makes an impact!!
The Company: Entrust relies on curious, dedicated and innovative individuals whom anticipate the future and provide solutions for a more connected, mobile and secure world. Entrust’s technologies and expertise help government agencies, enterprises and financial institutions in more than 150 countries serve and safeguard citizens, employees and consumers.
We Believe: Securing identities is most effective when we value all identities. We are committed to ensuring that, through diversity and inclusion, the many voices that make up our communities are heard. From unconscious bias training for managers to global affinity groups that create connections both within and across our enterprise, Entrust expects and encourages all individuals to accept and respect one another. And, of course, to be themselves.
Position Overview:
As an integrated member of the development teams, the Security Engineer is responsible for ensuring all product security requirements are defined and addressed throughout the entire product lifecycle. Areas of specific technical subject matter expertise should encompass one or more of the following disciplines: secure product design, cryptography, vulnerability analysis, physical (electronic) security, defensive coding, side-channel threats, or security certifications.
As part of the product security certification efforts, the Security Engineer is required to collaborate with Certification Engineers to ensure timely and cost-effective delivery of the certifications. The Principle Security Engineer may also liaise with evaluation laboratories and 3rd parties in order to provide them with technical information and to assist the Certification Engineer on the justification of technical security positions.

Responsibilities:

• Collaborate in the creation of product functional specifications and designs for new products to ensure security requirements are addressed and implemented correctly; should be well versed in threat modelling and mitigation strategies;
• Own, implement, and monitor the secure product development practices and processes for the entire product development lifecycle;
• Serve as the primary point of contact and trusted advisor for the team on security technologies and threat mitigation best practices; examples include practical application of cryptography, key management, trust, authentication, penetration testing, and defensive engineering techniques;
• Liaise with the Certification Engineers and the product development team to ensure the design and implementation facilitate current and future certification roadmaps;
• Act as a mentor to the development teams on how to create secure and certifiable designs;
• Initiate security enhancements on existing products which positively affect the product’s marketability;
• Keep abreast of emerging security technologies as required by the business;

Technical Knowledge/Skills & Experience Required:

• Experience relating to security product development; specific focus on secure software or hardware product developments to include application in the areas of general-purpose cryptographic modules, payments processing, user authentication, or trust management;
• Experience applying cryptography in product developments; usage of interfaces such as PKCS #11, MS CAPI/CNG, or KMIP is desirable;
• Practical experience and understanding of the following languages: C/C++, Java, Python or Go;
• Experience with security hardening for hardware and operating system virtualization systems is desirable;
• Understanding and experience with commercial product release engineering practices; specifically, with Scrum and/or Agile methodologies is desirable but not necessary;
• Exposure and understanding of product security evaluations, specifically with FIPS, PCI and/or Common Criteria is desirable but not necessary.
• Ability to research and apply security techniques and tools and integrate these within a product development lifecycle;
• Strong communication, presentation, and negotiation skills;
• Ability to work in a fast-paced environment with minimal direct supervision;

Basic Qualifications:

• BSCS, BSCE, BSEE, or equivalent experience required.

About Entrust
Entrust keeps the world moving safely by enabling trusted identities, payments and data protection around the globe. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, or accessing corporate networks. With our unmatched breadth of digital security and credential issuance solutions, it’s no wonder the world’s most entrusted organizations trust us.
For more information, visit
www.entrust.com
. Follow us on,
LinkedIn
,
Facebook
,
Instagram
, and
YouTube
Entrust Corporation is an EOE/AA/Veteran/People with Disabilities employer.
For US roles, or where applicable:
Entrust is an EEO/AA/Disabled/Veterans Employer
For Canadian roles, or where applicable:
Entrust values diversity and inclusion and we are committed to building a diverse workforce with wide perspectives and innovative ideas. We welcome applications from qualified individuals of all backgrounds, and we strive to provide an accessible experience for candidates of all abilities.
If you require an accommodation, contact
accessibility@entrust.com.
Recruiter:
Neha Rathore
Neha.Rathore@entrust.co

• Collaborate in the creation of product functional specifications and designs for new products to ensure security requirements are addressed and implemented correctly; should be well versed in threat modelling and mitigation strategies;
• Own, implement, and monitor the secure product development practices and processes for the entire product development lifecycle;
• Serve as the primary point of contact and trusted advisor for the team on security technologies and threat mitigation best practices; examples include practical application of cryptography, key management, trust, authentication, penetration testing, and defensive engineering techniques;
• Liaise with the Certification Engineers and the product development team to ensure the design and implementation facilitate current and future certification roadmaps;
• Act as a mentor to the development teams on how to create secure and certifiable designs;
• Initiate security enhancements on existing products which positively affect the product’s marketability;
• Keep abreast of emerging security technologies as required by the business