**About the Role**

As a Senior Product Security Engineer, you will:

- Promote secure design, architecture, and implementation covering all steps of our Secure Software Development Life Cycle (SDLC).
- Support our Software Supply Chain initiative to define, implement and scale our software supply chain practices.
- Participate in threat modeling sessions to guide secure design discussions and participate in risk assessments.
- Drive security projects (including security reviews, tool development, and creation of new security practices).
- Create security guidance and documentation, including compliance as code.
- Set a high standard for engineering quality and execution that leads to high-quality product security artifacts to secure our products' SDLCs.

**About You**

You're a fit for the role of Senior Product Security Engineer if you have:

- Engineer Empathy: You have a strong understanding of how developers work and are able to present security initiatives to developers in a way that leverages that understanding.
- Drive to continually improve: You are able to analyze current processes and procedures and determine ways to improve and increase efficiency.

Technical Skills:

- Experience with software supply chain security at the SCM, build and deployment levels
- Strong understanding of cryptographic primitives supporting authenticity and integrity checks
- Deep technical understanding and experience assessing common security vulnerabilities and risks, as well as advising on countermeasures and compensating controls
- Proficiency in writing Python to implement services and tooling, as well as reading other programming languages in the context of secure code review
- Experience collaborating with product development teams directly to instill security
- Experience with SAST, DAST and SCA scans and the analysis of the identified security findings/results
- Experience with DevSecOps in a cloud-native context and in integrating security in CI/CD pipelines (GitHub Actions preferred, but experience with other CIs, e.g. GitLab CI, is good)
- Experience with automation in general and with consuming APIs, with a plus when the automation is related to security tooling
- Knowledge of one or more security frameworks: OWASP's ASVS, CIS Benchmarks, NIST CSF
- Ability to manage and prioritize between multiple tasks and projects