Senior Product Security Engineer

📋 Description

• • Mirantis is at the forefront of cloud-native innovation, empowering enterprises to build, manage, and scale their cloud environments with confidence. We are seeking a highly motivated and experienced Senior Product Security Engineer to join our dynamic and expanding Product Security program. In this critical role, you will be instrumental in safeguarding our comprehensive portfolio of products and services, which includes cutting-edge enterprise software and essential critical infrastructure. Your expertise will directly contribute to the security posture of Mirantis, ensuring that our offerings are robust, resilient, and protected against evolving threats.
• • As a Senior Product Security Engineer, you will be a key player in the strategic implementation of security controls, the proactive driving of remediation efforts for identified vulnerabilities, and the robust support of our ongoing compliance initiatives. You will forge strong partnerships with our dedicated engineering teams, working collaboratively to embed security seamlessly into every phase of the software development lifecycle (SDLC). This is an opportunity to not just maintain security, but to actively shape the security strategy of Mirantis, automate critical security processes, and ensure that security is an intrinsic component of our product development and operational excellence.
• • **Secure Products & Infrastructure:** You will be responsible for the design, implementation, and ongoing maintenance of robust security controls that span across our diverse applications, underlying infrastructure, and sophisticated CI/CD pipelines. This includes ensuring that our security measures align with stringent industry standards such as SOC 2 and ISO 27001, as well as adhering to our internal security policies. A significant part of your role will involve driving the adoption and operationalization of essential security tooling, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), container scanning technologies, Infrastructure as Code (IaC) security analysis, and dependency vulnerability analysis. By integrating automated security testing directly into the SDLC, you will empower our development teams to embrace a secure-by-design philosophy, proactively mitigating risks before they can impact our products.
• • **Offensive Security & Vulnerability Management:** This role demands a proactive approach to identifying and addressing security weaknesses. You will lead comprehensive application security reviews, conduct thorough threat modeling exercises to anticipate potential attack vectors, perform in-depth vulnerability assessments, and coordinate penetration testing activities. A crucial aspect of your responsibility will be to validate and meticulously prioritize identified findings, assessing them based on their exploitability and potential business impact. You will then partner closely with engineering teams to ensure the timely and measurable remediation of these vulnerabilities, fostering a culture of continuous security improvement. Your proactive efforts in identifying and demonstrating security weaknesses will be vital in enhancing the overall resilience and security of our product suite.
• • **Incident Response & Risk Reduction:** In the event of security incidents affecting our products or infrastructure, you will provide critical support to the investigation process. This includes contributing to detailed root cause analysis and developing durable, long-term remediation strategies to prevent recurrence. You will be tasked with identifying systemic control gaps within our environment and implementing effective, long-term risk mitigation measures to bolster our security defenses.
• • **Compliance & Assurance:** You will play a key role in supporting product-level security reviews and facilitating audit activities. This involves coordinating the collection of necessary evidence and validating controls to meet the requirements of SOC 2, ISO 27001, and other enterprise-level security mandates. Your ability to translate complex compliance requirements into clear, actionable engineering controls will be essential for ensuring our adherence to regulatory and customer expectations.
• • **Cross-Product Security Leadership:** As a senior member of the team, you will develop and maintain deep security expertise across multiple Mirantis products. This will enable you to standardize security practices and tooling across different engineering teams, promoting consistency and efficiency. By strengthening the scalability of our security program and reducing the risk associated with single points of failure, you will contribute to a more robust and resilient security framework for the entire organization.
• • **Security Advocacy & Enablement:** You will serve as a champion for secure design principles and modern application security practices throughout Mirantis. This involves providing clear, actionable guidance to engineering teams during architecture and code reviews, fostering a security-conscious mindset. Your commitment to driving continuous improvement and automation across the entire SDLC will be paramount in elevating the security maturity of our products and development processes.