Product Security Engineer (Information Security)
At Palo Alto Networks® everything starts and ends with our mission: protecting our way of life in the digital age by preventing successful cyberattacks. It’s not a small goal. It isn’t simple either, but we aren’t in this for the easy answer. As a company with a foundation in challenging the way things are done, we’re looking for innovators with a dedication to THE best. In return, your career will have a tangible impact - one that's working toward technology that affects every level of society.
Our mission doesn’t happen by treading softly. It happens by defining an industry. It means building products that haven't been thought of. It means selling products with a solutions mindset. It means supporting the infrastructure of a company that moves at an incredible speed…intentionally…to stay ahead of the world’s next cyberthreat.
As a Product Security Engineer (Early in Career) on the Infosec Product Security team, you will be responsible for building security into all Palo Alto Networks products end-to-end. You’ll have the opportunity to work as a key member in a deep and savvy security team and participate in the company's product security initiatives end-to-end. Furthermore, you will be both hands-on technical and influential, where you will be expected to directly communicate with cross-functional teams in Product Management, Development, and DevOps/SRE to drive security throughout the entire product.
- Through close collaboration with teams, ensure the adoption of SDLC and security best practices across the entire application lifecycle. You’re someone that possesses strong knowledge of security from infrastructure through application and wants to help people apply it
- Define and implement security tooling with the goal of improving coverage and time to action. Many security tools exist both here and in the wild, but you’ll define the portfolio and ensure adoption of the right set for us
- Help coordinate and drive compliance efforts such as FedRAMP, SOC2, and HIPAA. While you’re not necessarily an expert in all compliance domains, you’ve designed controls and helped see them through implementation
- Improve security reporting, including coordinating vulnerability management, penetration testing, and infrastructure compliance. You want to share the overall security story including the use of dashboards and ensure that deviance from the norm is visible and acted upon appropriately
- 2+ years of hands-on experience in application security, pen test, OWASP, security benchmarks, and automation
- Security tooling and best practices, such as pre-commit/pre-receive hooks, dependency scanning, SAST, IAST, OSS, DAST, RASP, and vulnerability management, etc.
- Security tools benchmark and fine tuning
- Experience in software security testing, methodologies, and frameworks
- Integration, design, and architecture of AWS and/or GCP services into IAM platforms
- Microservice architecture expertise and best practices in securing APIs across multi-cloud environments
- Hands-on experience in container-based deployments and orchestration tools (e.g. Kubernetes, Docker, EKS, GKE, Terraform)
- Effective written and oral communication with multiple levels of leadership involving both the business and technical sides of the business
- Bachelor's degree from four-year college or university; or equivalent training, education, and experience in information / cyber security, computer systems, IT, etc.
Think about it, security for an information security company. Working at a high-tech cybersecurity company within the Information Security team is a once in a lifetime opportunity. You’ll be joined with the brightest minds in technology, our global teams on the front line of defense against cyberattacks. We’re joined by one mission – but driven by the impact of that mission and what it means to protect our way of life in the digital age. Join a dynamic and fast-paced team that feels excitement at the prospect of a challenge and feels a thrill at resolving security gaps that inhibit our privacy.
We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together. To learn more about our culture and dedication to inclusion and innovation, visit our careers page.
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
Additionally, we are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or an accommodation due to a disability or special need, please contact us at firstname.lastname@example.org.
Learn more about the amazing work experience at Palo Alto Networks here!