Principal Product Security Engineer

ConnectWise

Software tools, services, and a community of peers to help MSPs grow and manage their business. Get RMM, UMM, SOC, NOC, Cybersecurity - all in one integrated platform.

View company page

ConnectWise is an industry and Global leading software company with over 3,000 colleagues in North America, EMEA and APAC. As a community-driven software company dedicated to the success of technology solution providers, our suite helps over 45,000 of our partners manage their businesses better, sell more efficiently, automate service delivery, and remotely control technology so they can consistently deliver amazing customer experiences.

Our company is powered by our connections, our colleagues, and our community. And, we accept all kinds.

Game-changers, innovators, culture-lovers—and humankind.

We invite discovery and debate. We recognize key moments as milestones.

We see you and value you for your unique contributions. Our inclusive, positive culture lays the foundation to ensure every colleague is valued for their perspectives and skills, giving you the choice of how YOU make a difference.

Curious? Read this opportunity to learn how YOU can make a difference at ConnectWise!

General Summary:

The Principal Product Security Engineer is responsible for designing and implementing security best practices at
each stage of the system development lifecycle, from design through production. This role works in partnership
with cross-functional teams to act as a security subject matter expert, while supporting and advancing the security
of ConnectWise applications.

Essential Duties & Responsibilities:
• Establishes operational plans for the Product Security team
• Develops and implements new products, processes, standards, and/or operational plans that will have animpact on the achievement of functional results
• Provides support to the Product Security team(s), with a high attention to detail
• May require communication with ConnectWise leadership
• Conducts security assessments, threat modeling, and vulnerability reporting and develops securityarchitecture patterns for implementing new solutions and products
• Performs application security reviews for our products and services to identify and/or validatevulnerabilities and attack chains
• Communicates findings, attack paths, and recommendations to technical and executive stakeholdersthrough written reports and verbal presentations
• Develops and maintains methodologies for penetration testing
• Participates in decision-making, prioritization, and support throughout the secure software developmentlife cycle (s-SDLC) on a variety of security domains
• Participates in requirements gathering, secure coding and configuration, software testing, and third-partycomponent management and defect management
• Serves as a primary point of contact on secure development and security best practices
• Consults cross-functionally to embed security gates into their existing SDLC, leveraging automation whenpossible
• Drives the development of standards, practices, and processes to establish, manage, and reportadherence to application security requirements and best practices
• Attends regular stand-ups and planning meetings to build positive relationships with key stakeholders
• Serves as the security authority on assigned products, ensuring the security controls are functioning,security requirements are provided before coding begins, and that vulnerabilities are fixed within theirSLAs
• Ensures s-SDLC controls are embedded in assigned product and serves as control owner for a subset ofthese controls
• Engages in application and domain-specific threat modeling, as well as attack surface analysis andreduction

Knowledge, Skills and/or Abilities Required:

• Effective communication skills, with the ability to explain sophisticated security topics in simple terms totechnical and non-technical stakeholder
• Strong ability to effectively prioritize competing deliverables in an accurate and timely manner

Educational/Vocational/Previous Experience Recommendations:
• Bachelor’s degree in related field or equivalent business experience
• 8+ years of relevant experience
• Experience securing enterprise-grade web applications
• Experience with automated application security tools and technologies (SAST, DAST, SCA, etc.)
• Experience in web application security issues and standards (ex. OWASP Top 10, SANS Top 25, etc.)

ConnectWise is an Equal Opportunity Employer, dedicated to building a diverse and inclusive workforce and providing a workplace free from discrimination and harassment. ConnectWise provides equal employment opportunities to all employees and applicants without regard to race, ethnicity, color, religion, age, sex (including pregnancy), sexual orientation, gender, gender identity or expression, ancestry, national origin, citizenship status, physical or mental disability, genetic information, military/veteran status, marital status, familial or parental status, or any other characteristic or status protected by applicable federal, state and local laws.

The statements above are intended to describe the general nature and level of work being performed by individuals assigned to this job.Other duties may be assigned as needed. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions of the job and/or to receive other benefits and privileges of employment. If you need a reasonable accommodation for any part of the application and hiring process, please contact us at talentacquisition@connectwise.com or 1-800-671-6898.

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.