Product Security Engineer

at Puppet, Inc. Remote, North America

Hi, I’m Diego Lapiduz, Sr. Director of Engineering at Puppet,

I’m seeking a Product Security Engineer to join our team and help us grow our product security practice. We ship software that is used to manage critical infrastructure so security is paramount to us. Our team is focused on improving our security practices, implementing new tools and strategies, and educating our engineering team on writing secure code.

At Puppet, we value innovation and allow for new ideas to incubate, as we look for new opportunities to better serve our customers.  We work in an agile, iterative fashion, breaking up large ideas into small, concrete chunks that can be implemented quickly to deliver value or further learning. We work collectively, allowing us to accomplish far more as a  team than could be accomplished individually.

You will:

  • Drive a strategy for security embedded in the software development lifecycle.
  • Implement DevOps tools, focused on security, that can provide early feedback to developers.
  • Gather metrics about product security, velocity, and escape rates
  • Set policies for security operations and help execute them.
  • Establish training programs for developers on security and best practices.
  • Mentor peers through their professional development.

You are:

  • Passionate—with a love for solving user problems with software. 
  • A team player—who is collaborative and enjoys learning from and sharing knowledge with other developers in a team environment.
  • Curious—with a drive to learn and understand.

You have:

  • This position is open at various levels! Curious where your experience falls within our job levels?
    • Associate level: 0-2 years experience working in the information security space
    • Intermediate Level: 2+ years working within the information security space.
    • Senior Level: 5+ years working within the information security space.
    • Principal level: 7+ years working within the information security space
  • Broad technical experience and up-to-date industry knowledge around security best practices, DevOps / DevSecOps, and CI/CD.
  • Implemented tools like SCA, SAST, DAST in an automated fashion.
  • Expertise in scaling processes where manual review is not sufficient.
  • Knowledge of OWASP Top 10, common NIST publications and at least one compliance framework (SOC 2, ISO, etc)

We are hiring at various experience levels and we’re particularly interested in having a diverse team with a broad set of skills and viewpoints. If this seems like your dream job, but you’re not sure if you qualify, apply anyway!

*Visa Sponsorship

Please note, this position is not eligible for visa sponsorship.

About Puppet

Puppet’s core mission is to eliminate soul crushing work. We created the industry standard for managing infrastructure as code. And we didn’t stop there—our product portfolio has grown to help organizations automate across their entire software delivery lifecycle. With more than two-thirds of Fortune 100 companies using Puppet’s open source or commercial products, our code is helping power thousands of organizations across the world.

As the industry leader in DevOps solutions, we realize that our success is a collective effort; all made possible by the incredible people working here, our customers, partners, and Puppet community. Our culture is built on positivity, diversity, inclusivity and support—and we seek people who are resilient, entrepreneurial-minded, team players who continually strive to be incrementally better every single day. In our work together we aim to be curious, accountable, empathetic and, above all, collaborative. If this sounds like the environment you’d thrive in, why not say hello?

Learn more about Puppet by checking out the values we live by and the awesome benefits and perks we offer employees!

Puppet is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, ancestry, age, veteran status, disability, or any other protected class.

If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact +1-877-575-9775 for assistance.

Please see Puppet's privacy policy here.

 

PM16

An equal opportunity employer

Puppet is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, ancestry, age, veteran status, disability, or any other protected class.

If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact 877-575-9775 for assistance.

Staffing agencies: We do not accept unsolicited resumes. If you are not an approved Recruiting Partner and have not been approved to submit candidates for specific positions, we will not accept your submission. If you submit anyway, we will consider it a gift, free of charge! If you are interested in becoming an approved Recruiting Partner, please call us at 877-575-9775.

Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.