About Netskope
Today, there's more data and users outside the enterprise than inside, causing the network perimeter as we know it to dissolve. We realized a new perimeter was needed, one that is built in the cloud and follows and protects data wherever it goes, so we started Netskope to redefine Cloud, Network and Data Security.
Since 2012, we have built the market-leading cloud security company and an award-winning culture powered by hundreds of employees spread across offices in Santa Clara, St. Louis, Bangalore, London, Melbourne, and Tokyo. Our core values are openness, honesty, and transparency, and we purposely developed our open desk layouts and large meeting spaces to support and promote partnerships, collaboration, and teamwork. From catered lunches and office celebrations to employee recognition events (pre and hopefully post-Covid) and social professional groups such as the Awesome Women of Netskope (AWON), we strive to keep work fun, supportive and interactive. Visit us at Netskope Careers. Please follow us on LinkedIn and Twitter @Netskope.
About the role
Please note, this team is hiring across all levels and candidates are individually assessed and appropriately leveled based upon their skills and experience.
As part of the Security Services org, the Product Security team is responsible for ensuring Netskope’s software and cloud services are secured. The Product Security team’s mission is to establish processes, procedures and policies that enable a secure development lifecycle for Netskope’s product engineering teams, and maintain the Confidentiality, Integrity & Availability of Netskope’s products and services.
What’s in it for you
As a member of the Product Security team you will be part of a nimble product security team that works cross functionally to ensure our software and cloud services meet the strictest security standards in the industry. This is a highly visible role that leads the cross-team collaboration among Engineering, Operations, Product Management, Legal and CISO organizations.
What you will be doing
- Define security best practice for software development and cloud service deployment. Collaborate with the PMO team to integrate it into SDLC.
- Perform threat modeling, design reviews, peer code reviews and privacy review as part of the secure development lifecycle.
- Work with development teams to fix product security issues.
- Help engineering teams build capabilities in secure code review, security testing, fuzz testing, and advanced developer testing.
- Support Engineering team with secure design, secure coding, security testing and SAST and DAST tool usage.
- Build POCs and tooling for engineering and QA/QE for security testing.
- Drive security education and awareness across the engineering organization.
- Development, publication, and maintenance of secure development standards, guidelines, patterns, as well as working with engineering peers to adopt the publications
- Support and assist the adoption of CI/CD/CS pipelines and DevSecOps implementation.
Required skills and experience
- 5+ years of experience in product/application security, penetration testing, and security operations in highly diversified and high-growth organizations.
- Excellent programming experience (design, coding & debugging) and secure code review skills, as well as direct experience programming in at least two of the following languages: Python, Go, Java, C/C++, JavaScript.
- Familiarity with any of the leading tool-sets including SAST/DAST tools (SonarQube, Checkmarx, Coverity, Zap, Burp, etc.), SCA (JFrog XRay, Snyk, Blackduck, WhiteSource, etc.), and IaC tools.
- Experience building security communities across engineering teams through evangelism and training programs.
- Thorough understanding of OWASP Top 10 and their mitigation.
- Excellent understanding of secure software concepts and the security implications in software development.
- Incident management, including analysis and response.
- Certifications in security and privacy demonstrating deep practical knowledge such as ISC² CSSLP, CISSP or CSSP, SANS Secure Software Development, CompTIA Security+, CEH, OSCP.
- Effective communication (internal, customer, legal counsel), collaboration (internal, external), and effective written skills (white papers, vulnerability specifications, etc.).
- Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project stakeholders.
Education
- BSCS or equivalent required, MSCS or equivalent strongly preferred
Netskope is committed to implementing equal employment opportunities for all employees and applicants for employment. Netskope does not discriminate in employment opportunities or practices based on religion, race, color, sex, marital or veteran status, age, national origin, ancestry, physical or mental disability, medical condition, sexual orientation, gender identity/expression, genetic information, pregnancy (including childbirth, lactation and related medical conditions), or any other characteristic protected by the laws or regulations of any jurisdiction in which we operate.
Netskope respects your privacy and is committed to protecting the personal information you share with us. Please refer to Netskope's Privacy Policy for more details.