JAGGAER provides an intelligent Source-to-Pay and Supplier Collaboration Platform that empowers organizations to manage and automate complex processes while enabling a highly resilient, responsible, and integrated supplier base. With 30 years of expertise, we specialize in solving complex procurement and supply chain challenges across various industries.
Our 1,300+ global employees are obsessed with ensuring customers get full value from our products - ultimately enhancing and transforming their businesses. For more information, visit www.jaggaer.com.
What We’re Looking For:
Overview:
This role reports to the Director of Cyber Architecture & Defense. We are seeking an individual with a thorough understanding of cybersecurity principles and a strong background in product security. This role involves designing, implementing, and coordinating a comprehensive security strategy throughout the Software Development Life Cycle (SDLC). The ideal candidate will be responsible for identifying, assessing, and reporting security vulnerabilities within our products and applications. They will work closely with development teams to integrate security practices, conduct security assessments using tools such as SonarQube, Rapid7, and Burp Suite, and oversee third-party penetration testing activities.
Principal Responsibilities
Awesome Things You’ll Do:
• Collaborate with product and platform development teams to integrate security into the Software Development Life Cycle (SDLC) by modeling threats, identifying vulnerabilities, and performing penetration tests.
• Conduct security assessments using dynamic application security testing (DAST) and static application security testing (SAST) tools, and regularly scan third-party libraries for security vulnerabilities.
• Perform technical risk assessments, evaluate DAST and SAST tool results, triage security testing results, and manage security response actions.
• Oversee third-party penetration testing activities, objectively prioritizing concerns, identifying critical risks, and adhering to compliance requirements.
• Manage vulnerabilities and incidents for products to ensure swift resolution of issues.
• Develop and maintain a balanced product security program based on well-defined application security frameworks.
• Partner with development teams and architects to design, implement, and improve application security solutions.
• Assist in compliance activities such as external audits from customers, regulatory compliance projects, and overall information security reviews.
• Assist in offensive security exercises with security operations.
• Promote a culture of security and serve as a security champion, raising awareness and promoting security best practices across the organization.
• Stay current with security trends and technologies and make recommendations for improving security posture.
• Functional understanding of common compliance frameworks, including NIST 800-53, ISO 27001, PCI DSS, SOC2 Type II, and CSA CCM.
What You Will Bring:
• Bachelor's degree in Computer Science, Information Security, or a related field.
• 5+ years of experience in product security, with a focus on the software development life cycle.
• Proficient in Python, Java, or other programming languages.
• Experience with security tools such as SonarQube, Rapid7, and Burp Suite.
• Knowledge of web application security, network security, and cloud security.
• Strong analytical and problem-solving skills.
• Excellent communication and collaboration skills.
• Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), or similar certifications are a plus.
We Offer
Our values
Our values are at the core of who we are at JAGGAER. You will see these values entrenched in how we support our customers, work with team members, build our products, and in the culture we’ve created.
Be Collaborative: Foster a culture of mutual respect, working effectively and productively with others, and sharing responsibility for team success.
Be Accountable: Take ownership, learn from challenges, be proactive, and rise above one’s circumstances to achieve the result.
Be Adaptable: Embrace change, encourage innovation, and remain effective when experiencing major change.
JAGGAER is a proud equal opportunity/affirmative action employer supporting workforce diversity. We do not discriminate based on race, ethnicity, ancestry, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), marital status, caregiver status, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, genetic information, military, or veteran status, mental or physical disability, or other applicable legally protected character