Uplight is creating a new category of energy and is seeking a Senior Product Security Engineer to help achieve ambitious goals for the business and the planet. The role involves supporting and improving the Secure Software Development Lifecycle, implementing security best practices, and leading security projects to enhance Uplight's security posture.
Responsibilities:
- Support, implement, and improve Secure Software Development Lifecycle (SDLC)
- Act as a consultant to the design and development stages of SDLC
- Document and work with product and engineering teams to implement security best practices and system configuration standards
- Support Asset Management initiatives to ensure all assets are tagged and classified
- Work with outside parties to perform penetration tests
- Perform Security Architecture, AppSec and Risk Assessments
- Perform Threat Modelling
- Analyze, manage, and work with other teams to address vulnerabilities, code weaknesses, misconfigurations, and non-compliance findings
- Coordinate and participate in Disaster Recovery exercises, including Backup tests
- Maintain and administer security tooling
- Lead security projects dedicated to improving Uplight's security posture
- Respond to and assist with incidents as needed or assigned
- Implement and be responsible for best product security practices and procedures
- Perform an on-call shift rotation
- Demonstrate effective communication skills, both verbal and written
Requirements:
- Advanced experience in securing applications and application settings
- Advanced experience in app and product security
- Advanced understanding of securing cloud technologies
- Experience with technologies from at least one public cloud (AWS, GCP, Azure)
- Experience in securing containerization (Docker, K8s, etc.) and APIs
- Experience with modern DevSecOps practices including implementing automated security in IaC and CI/CD pipelines
- Strong scripting skills, with Python/Shell scripting experience
- Mid to advanced level Linux knowledge in a physical, virtual, or public cloud environment
- Exceptional verbal and written communication skills are necessary to effectively collaborate with peers, and to present and explain highly technical information to stakeholders who may have limited technical knowledge
- CISSP, CASP+, GSLC, CISM certified