Senior Product Security Engineer

Lookout is a cybersecurity company that makes it possible for individuals and enterprises to be both mobile and secure. With 100 million mobile sensors fueling a dataset of virtually all the mobile code in the world, the Lookout Security Cloud can identify connections that would otherwise go unseen - predicting and stopping mobile attacks before they do harm. The world's leading mobile network operators, including AT&T, Deutsche Telekom, EE, KDDI, Orange, Sprint, T-Mobile and Telstra, have selected Lookout as its preferred mobile security solution. Lookout is also partnered with such enterprise leaders as AirWatch, Ingram Micro, Microsoft and MobileIron. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C. To learn more, visit www.lookout.com.

Lookout's users and product developers trust our Information Security team to provide them with the most secure experience. We're looking to hire Product Security Engineers to ensure that our products are designed and implemented to the highest security standards. You will have incredible communication skills and experience analyzing products from a security perspective.

You immerse yourself in all aspects of security, especially as it relates to building secure microservice-based cloud products, DevSecOps and stopping attacks in the cloud. You are looking for an opportunity that will try your technical skills and challenge your creativity. You are ready to face a wide range of security questions, many of which have not been considered before. Production servers, networks, endpoint devices, and data are safe in your hands. You are a subject matter expert who wants to implement tactical solutions and contribute to innovative solutions to big picture issues.

Responsibilities:

You'll be tasked with improving security across all aspects of Lookout's products throughout their lifecycle, from design and architecture to code to deployment, in a cloud infrastructure (AWS/GCP) running complex highly security-sensitive services at significant scale. You will be challenged every day.

• Harden our products from attack by implementing strong Agile Security Development Lifecycle (SDL) tools and processes
• Provide subject matter expertise on network architecture, DevSecOps, building secure software and implementation security controls in an Agile environment
• Push the boundaries of security technology to enable defensible products in large scale production infrastructure and networks.
• Perform security assessments of applications, and solutions in production, corporate and cloud infrastructures
• Define and implement security standards and guidance for engineering teams, including automation and technical controls to enforce
• Build frameworks to provide secure defaults to engineering teams and tools that will automatically scan and detect security problems.
• Provide training to engineering teams on application security related topics.
• Operate, and help engineering teams utilize, security tools (SAST/DAST/SCA/etc.)
• Evangelize security within Lookout.

Requirements:

• BS in Computer Science, Computer Engineering of Electrical Engineering
• 5 + years of practical experience with security architecture, design and implementation in large scale products and cloud infrastructure, including 3+ years of experience in application security related fields (architecture reviews, code reviews, application penetration testing, security engineering).
• Significant (2+ years) software development experience, developing and delivering complex applications. Mobile applications and backends, microservice architectures, delivering to heavily regulated enterprise customers (financial, healthcare, government) a plus.
• Experience in a DevOps and Security (DevSecOps) focused environment. Experience automating security assurance by integrating security tooling with CI/CD pipelines
• Experience deploying and operating application security tools
• Hands on experience in AWS and/or GCP
• Deep familiarity with Secure Development Lifecycles
• An expert in one or more of the following domains: cryptography, authentication and security protocols, web application security, mobile application security, cloud based services, and threat modeling.

Desired qualifications and skills:

• Solid knowledge of Linux operating systems
• Development experience in Ruby or Java
• Experience with Kubernetes and container security
• Experience with using scripting languages (ruby/python preferred) for security automation tasks
• Excellent written and verbal communication skills.
• Excellent teamwork and leadership skills.
• Security Certifications are a plus
• Familiarity with compliance frameworks and standards (FedRAMP, ISO27001 etc.) is preferred