Senior Product Security Architect
As a global leader in cybersecurity products and services, Symantec has a passionate focus on producing secure software. As part of Shared Engineering Services (SES), the Senior Product Security Architect will have a broad, multi-faceted role that includes governance, policymaking, and assisting with software security advisories.
Key Responsibilities:
- Collaborating with senior leadership on revising and ensuring compliance with Symantec's Secure Development Life Cycle Process (SDLC).
- Providing, as needed, consultative guidance to product teams relative to the application of the SDLC.
- Working with the Product Security Incident Response Team (PSIRT) to assist in verifying security vulnerabilities, and being available to coordinate with security researchers and product teams as needed.
Accordingly, this position requires considerable breadth and depth of software security knowledge, allowing the candidate to act as a senior subject matter expert in multiple areas of software security. The successful candidate must have strong communication and influencing skills and be able to interact effectively with developers, technical leaders, and executives.
Competencies, Knowledge, Skills and Abilities
Education and Experience
- Ability to coach and provide guidance to product teams to help improve product security and adherence to SDLC
- Significant experience in evaluating open source components for security and quality risks
- Working knowledge of Open Source Management Tools like Black Duck Hub, Code Center, Protex, Protecode, Whitesource, etc.
- Ability to actively engage with Symantec legal regarding usage of 3rd party and open source components
- Fundamental understanding of cryptographic concepts and applied cryptography
- Hands-on experience with various security tools including static and dynamic analysis, forensics, reconnaissance, sniffing, tampering, fault-injection, fuzzing, monitoring, etc.
- Basic understanding of Threat Modeling and experience with DFDs and Threat Modeling tools
- Breadth of security knowledge in several of the following areas: Web, Mobile App, UI, Kernel Mode, File System, Cloud, IoT and Filter Drivers
- Well versed in various types of exploits such as XSS, CSRF, Injection, Session Fixation, Buffer Overflows, etc.
- Experience with various programming languages such as C/C++/C#/Java/Python
- Working knowledge of various operating systems such as Windows, Mac OS and Linux
- Be able to interact effectively with security researchers and assist in the coordination, classification and mitigation of product vulnerabilities
- Available to help assess, rank, and quantify software vulnerabilities
- Work effectively with product teams, providing timely feedback and assistance as needed
- Understanding of automation techniques to improve security workflows and execution of SDLC is a plus
- Knowledge of reverse engineering, malware analysis and forensic tools will be an added advantage
- Bachelor's or Master's in computer science or related field preferred
- 10+ years of experience in hands-on security related software development and architecture (both native and web/cloud based solutions)
- Minimum 5+ years' experience in an internal software security group
- Deep passion for security risk awareness; thinks like a hacker
- Strong communication skills with focus on empathy and active listening
- Prior experience in working with both local and remote teams
- Previous experience working on a Red Team or a pen-testing team is a plus
Symantec is an equal opportunity employer. All candidates for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, physical or mental disability, veteran status, or any other basis protected by applicable federal, state or local law.