Work in Washington Veterans Jobs

Engineer IV, Product Security College Board - Technology Remote About the Team The College Board's Product Security team is an agile organization, embracing DevSecOps and cloud-native systems, and focused on improving speed and security of service delivery in support of an important mission. To enable this mission, the College Board is seeking an Engineer IV - Product Security to help drive the development of innovative and transformative security solutions in our DevSecOps and cloud transformation initiatives. The Engineer IV - Product Security is a highly technical and creative contributor to a bleeding edge cloud and application security team enabling the agile development of secure and reliable cloud-based solutions via strong partnerships and interactions with our Products Teams. About the Opportunity As a Product Security Engineer, you will support and manage a variety of projects in the Product Security team. In this role, you will both learn and introduce new security services, technologies, and technical solutions to secure our Products and platforms. You will interact with different stake holders, product development leads, architects, Cybersecurity operations, Risk and Compliance teams and external partners/vendors such as ETS and various SaaS providers. You will review and adopt new innovative security solutions, make updates to existing solutions, negotiate alternative options and participate in building technical and release roadmaps. As an Engineer IV, you will lead and mentor junior team members supporting their growth and development in Product Security concepts, tools and best practices. In this role you will: * Partner Program - Partnership Development (50%) * Act as a liaison between Product Security teams (both in IT and outside of IT) and the Information Security Office via regular engagements with assigned Partner teams. Embed into planning and grooming sessions. * Develop deep understanding of our Security Policies and Audit requirements in order to support assigned Partner teams, GRC Exceptions and Audit efforts (PCI, SOC2, ISO27001, GDPR, State Contract requirements) * Create Risk Registers for your assigned products and communicate application risks and vulnerabilities to technical stakeholders. * Lead application vulnerability reviews and remediation efforts. Develop deep skill sets in understanding, managing and determining exploitability of vulnerabilities to properly determine risk and priority. * Work to gain a deep understanding of your assigned products' architectures, Supply Chain (Vendors, Partners, Third Party) Development Practices, CI/CD, GRC Exceptions, Release cadence in order to understand and support mitigation of security risks. * Partner with Senior Team members to mentor developers through discussions, presentations, or hands on training sessions to demonstrate best practices in developing secure code and securing application infrastructure. * Ensure all assigned products and applications adhere to the Product Security Framework requirements and work to remediate any gaps. * Elevate Product Security 25% * Work to promote, grow and enhance the Product Security Partners program to develop Security Champions and enable dev teams to shift left. * Develop and deliver guidance and training sessions to grow Product Team's Secure Development LifeCycle skills and awareness. * Grow skills to perform secure reviews of application architectures and security patterns as needed. * Grow skills to develop threat models and risk assessments in conjunction with architects and software engineering staff to identify application security weaknesses and provide coaching on remediation strategies. * Develop and deliver Secure Developer Training, Works To view the full job description,