Product Security Engineer

Ref. No. 21534
Work model
On-site
Place of work / Location
Sofia

Published on:

22 June 2026

Responsibilities

  • Operate and maintain SAST, DAST, and SCA platforms
  • Validate scan coverage, policies, and thresholds
  • Triage findings: remove false positives, normalize severity, enrich with evidence
  • Create, route, and track remediation tickets in a ticketing system
  • Maintain vulnerability lifecycle: discovery → validation → assignment → verification → closure
  • Monitor SLAs, exceptions, and risk acceptances
  • Produce operational reports: exposure trends, backlog, aging, compliance metrics
  • Maintain documentation: runbooks, scanning standards, onboarding guides
  • Support developers with reproduction steps and secure coding references
  • Assist in tool integrations and upgrades
  • Preserve audit trails and evidence for compliance and internal security reviews

Requirements

  • Fundamental understanding of web application security and SDLC
  • Working knowledge of at least one SAST, one DAST, and one SCA tool
  • Basic familiarity with CI/CD systems
  • Ability to read and reason about source code findings (any of: Java, .NET, JavaScript, Python)
  • Comfort with REST APIs, JSON, and basic scripting
  • Strong operational discipline: tracking, documentation, repeatability
  • Clear written communication for technical remediation guidance


Baseline Technical Knowledge

  • OWASP Top 10, CWE, CVE, CVSS
  • Dependency and license risk concepts
  • Authentication, authorization, injection, XSS, deserialization, and secrets exposure
  • Git-based workflows


Nice to Have

  • Prior AppSec, QA security, or DevOps support experience
  • Basic threat modeling awareness
  • Security certifications at foundation level (optional)


Behavioral Profile

  • High attention to detail
  • Bias toward evidence over assumption
  • Process adherence
  • Capacity to manage repetitive operational load without quality decay
  • Willingness to learn secure development patterns
Professional field
IT - Software development / maintenance
