Senior Product Security Engineer

Job Description

At Wave, we help small businesses to thrive so the heart of our communities beats stronger. We work in an environment buzzing with creative energy and inspiration. No matter where you are or how you get the job done, you have what you need to be successful and connected. The mark of true success at Wave is the ability to be bold, learn quickly and share your knowledge generously. The Product Security Engineer is responsible for ensuring the security of our organization’s products throughout their lifecycle. This role focuses on protecting software, hardware, and firmware from vulnerabilities and cyber threats, aligning with business goals and compliance standards. This role also consults with security adjacent stakeholders and business units to provide suggestions, education, guidance and feedback from a security perspective.

Here’s How You Make an Impact:

• Risk Assessment and Mitigation: Perform threat modelling application design solutions and vulnerability assessments to identify relevant risks, security gaps or risks in product design and development. Maintain documentation of security controls and processes. Prepare reports on security risks and mitigation efforts for management and regulatory bodies. Audit source code and perform code review for critical application changes.
• Secure Development Practices: Implement security tooling and automation to scale the Product Security team’s practices. Advocate for and integrate security best practices in the Software Development Lifecycle (SDLC). Conduct code reviews, penetration testing, and static/dynamic analysis. Ensure compliance with industry standards (e.g., AICPA SOC2, HIPAA, PCI DSS, SOX ISO 27001, NIST CSF).
• Incident Response and Management: Monitor and address security incidents impacting Wave products. Implement and manage SOAR solutions to improve incident response times and efficiency.
• Security Architecture and Development : Working with product and engineering teams to design, program development, software development and implement security controls and protections within the product via automation. This task ensures the product is built with security in mind from the ground up. Integrate security tools and technologies into the CI/CD pipeline (e.g., static and dynamic application security testing (SAST/DAST), software composition analysis (SCA), and infrastructure-as-code (IaC) scanning).
• Planning, Collaboration and Training: Product roadmap planning with key stakeholders, collaboration with cross functional teams to develop mitigation strategies. Working closely and mentor Product, Engineering, and IT teams for security best practices. Provide security training and awareness for developers and stakeholders.
• Leadership and Communication: Effectively communicate security, privacy risks and best practices to both technical and non-technical audiences. Ability to guide and influence Wave engineering teams on security matters.

You Thrive Here By Possessing the Following:

• 4-6 years of experience in a Product Security role.
• Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
• Experience leading architectural changes or complex cross team efforts to mitigate security vulnerabilities.
• Strong understanding of: Threat modelling methodologies such as MITRE ATT&CK, STRIDE, and PASTA;
• Amazon AWS Services, MS Azure, and their capabilities;
• Securing web applications;
• Orchestration tools (ex. Anisible, Terraform);
• Automation scripting (e.g. Python, Django, etc.)
• Experience with frameworks such as OWASP Top 10, SAST/DAST tools, and CI/CD pipelines.
• Fluency in Python, React, and Django Rest Framework.
• Experience with manual source code review, and embedding security to code in production environments.
• Experience with deploying application security tools in the CI/CD pipeline.
• Experience with securing software development lifecycle including building programs. that eliminate full classes of vulnerabilities.
• Excellent communication and interpersonal skills.
• Ability to work independently and within a team.
• Strong organizational and time-management abilities.
• Preferred Qualifications
• Certifications such as CISSP, CSSLP, CEH, or equivalent.
• Experience in IoT, embedded systems, or mobile app security.
• Knowledge of regulatory and compliance standards (e.g., AICPA SOC2, NIST CSF, GDPR, HIPAA)

At Wave, we value diversity of perspective. Your unique experience enriches our organization. We welcome applicants from all backgrounds. Let’s talk about how you can thrive here! Wave is committed to providing an inclusive and accessible candidate experience. If you require accommodations during the recruitment process, please let us know by emailing [email protected]. We will work with you to meet your needs. Apply for this job