Product Security Engineer

at Puppet, Inc. Remote North America

Hi, I’m Mike Hall, Sr. Director of Engineering at Puppet.

I’m looking for a Product Security Engineer to join our team to assess and strengthen our secure product development process, ensuring Puppet products maintain the highest levels of security. At Puppet, security is deeply embedded in our DNA, and you’ll help us continue that tradition as we develop a disruptive offering still in its early stages. 

You will perform broad architectural reviews of our products to identify current risks, and you will be responsible for advising product teams on how to better incorporate security into their coding and testing. As the leader of a security community of practice, you will help change mindsets toward security through education and the creation of a developer training program. You will also work with third-party security firms to audit our products, manage pen tests, and chart a course for security compliance for Federal customers.

Meaningful work you’ll contribute: 

  • Responsible for all aspects of developing secure on-premise and SaaS applications, including: 
    • Puppet’s internal product standard for secure development, from threat modeling and security risk assessments to security testing and release authorization;
    • Awareness and security development training;
    • Security vulnerability assessment, prioritization and response. 
  • Partner with product development leads to identify and implement best practices that ensure application security and data protection are incorporated into all customer-facing product offerings. 
  • Develop a security community of practice, driving accountability for security into every development team. 
  • Provide security recommendations as a subject matter expert for development teams during discovery and design phases of development. 
  • Validate vulnerability resolutions and ensure security requirements are observed prior to releases. 
  • Serve as a point of contact for product security at Puppet. 
  • Work with the Enterprise Security team to track and manage product security risk, and assist in developing and delivering risk assessments both internally and externally.
  • Stay current on security industry trends, attack and response techniques, and security tools. 

You are: 

  • A team player. You are a top-level community builder across groups inside the company and across the industry.
  • Entrepreneurial. You proactively identify challenges & opportunities.
  • Scrappy and self-directed. You are skilled at autonomously driving projects in a startup environment with minimal guidance and limited resources while having a ton of freedom and creativity to continue moving forward. You roll up your sleeves and drive execution and results. 
  • Resilient. You create a constructive and safe environment, breaking down barriers to speed up the cycle of change.
  • Accountable. You identify team, group, and company-wide areas of risk and mitigate them.
  • Honorable. You bring forward hard questions with respect and integrity for all parties, while fostering an environment that encourages others to do the same. 

Valuable experiences and skills you’ll bring to Puppet:

  • You have delivered on security requirements for both on-premises and public cloud applications. 
  • You have experience driving the adoption of security practices and initiatives across multiple product teams. 
  • You have expertise and experience conducting threat modeling of services and applications across a diversity of products, with specific experience in SaaS applications. 
  • You have experience coding in one of the following languages: JavaScript, Go, Ruby, or Clojure. 
  • You have a thorough understanding of enterprise software development and infrastructure processes and lifecycle.
  • You possess full-stack knowledge of IT infrastructure: applications, databases, operating systems (Windows and Linux).
  • You are an effective communicator adept at delivering the right message to audiences of all levels, and able to translate complex technical security matters into business terms.
  • You have expertise with common security testing methodologies.
  • You use and understand distributed version control systems such as git.
  • You excel at working in a self-directed capacity, with a strong record of goal achievement in a security role.

Bonus, but not required (shout about it in your application if you have experience):

  • BA or BS degree

Visa Sponsorship

Please note, this position is not eligible for visa sponsorship.

About Puppet

Puppet’s core mission is to eliminate soul crushing work. We created the industry standard for managing infrastructure as code. And we didn’t stop there—our product portfolio has grown to help organizations automate across their entire software delivery lifecycle. With more than two-thirds of Fortune 100 companies using Puppet’s open source or commercial products, our code is helping power thousands of organizations across the world.

As the industry leader in DevOps solutions, we realize that our success is a collective effort; all made possible by the incredible people working here, our customers, partners, and Puppet community. Our culture is built on positivity, diversity, inclusivity and support—and we seek people who are resilient, entrepreneurial-minded, team players who continually strive to be incrementally better every single day. In our work together we aim to be curious, accountable, empathetic and, above all, collaborative. If this sounds like the environment you’d thrive in, why not say hello?

Learn more about Puppet by checking out the values we live by and the awesome benefits and perks we offer employees!

Puppet is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, ancestry, age, veteran status, disability, or any other protected class.

If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact +1-877-575-9775 for assistance.

 

An equal opportunity employer

If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact recruiter@puppet.com for assistance.

Staffing agencies: We do not accept unsolicited resumes. If you are not an approved Recruiting Partner and have not been approved to submit candidates for specific positions, we will not accept your submission. If you submit anyway, we will consider it a gift, free of charge! If you are interested in becoming an approved Recruiting Partner, please send an email request to recruiter@puppet.com.
