Product Security Engineer

Skillable is a 100% remote and virtual tech companythat’smodernizing the world of training. Come share your professional magic withhighly talented, driven and fun colleagues who believe in the power of “skilling.” Experience what a true team focused on doing the right thing feels like!

Our people and talent are what make us great and fun! We work together to create amazing solutions and experiences for our customers and their clients. Weutilizeour employees’ personal strengths to help our company grow and ensure our team is living their best, authentic life. Wedon’tjust share our appreciation for our team members once a year with a branded mug—it’ssharedon a daily basis. Our remote work environment blends the demands of work and life without the added pressure of commuting or feeling guilty about leaving early to visit the dentist.

Come work with us and learn what teamwork and integrity blended with an emphasis on well-being and balance can do for your career!

The Product Security Engineer will conduct comprehensive threat modeling for new and existing products to pinpoint potential security risks. Responsible for seeking out and addressing vulnerabilities within code, systems, and networks by employing a combination of manual reviews, automated tools, and threat modeling techniques. Work closely with engineering teams to design and implement secure solutions that effectively reduce the risks identified during the threat modeling process.

Responsibilities

• Perform threat modeling on new and existing products to identify potential security issues.
• Identify and mitigate security vulnerabilities in code, systems and networks through manual review, automated tools and threat modeling.
• Create and implement standards for testing AI features to ensure they are secure and free from vulnerabilities
• Identify singular issues and develop solutions to prevent them categorically
• Collaborate with engineering teams to design and implement secure solutions that mitigate risks identified during threat modeling.
• Conduct and organize penetration testing on systems and infrastructure to discover vulnerabilities.
• Collaborate with other teams such as development, operations, and compliance to ensure that security is integrated throughout the organization.
• Work with development teams to implement secure coding practices.
• Develop and improve automated security testing tools to streamline the security assessment process.
• Partner with product and development teams to integrate security practices into the product lifecycle.
• Analyze and respond to security incidents, providing post-mortem analysis and recommending preventive measures.
• Provide security guidance and training to engineering and product teams to foster a security culture.
• Lead and continuously improve Skillable’s Security Champions Program, empowering developers to integrate security best practices into their work.
• Advocate for and ensure the implementation of secure by design principles, including contributing to the development of security-related requirements.
• Stay up-to-date with the latest security threats, techniques, best practices, and tools to ensure our defenses remain ahead of potential attackers.
• Support and promote the company values through positive interactions with both internal and external partners and customers on a regular basis.
• Other strategic business initiatives or cross-functional project involvement as required.

Qualifications

• Bachelor’s degree in computer science, technology, information security or equivalent years of relevant experience.
• 5+ years of experience working in threat modeling, penetration testing, and secure software development.
• Experience implementing technical and procedural controls to meet policies and standards.
• Strong understanding of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
• Familiarity with security frameworks and standards such as OWASP, NIST, and ISO 27001.
• Proficiency in at least one programming or scripting language (e.g., Python, Ruby, Java, C++).
• Excellent problem-solving and analytical skills.
• Experience implementing systems hardening, CI/CD pipeline security, security policies, and controls
• Strong understanding of vulnerability and penetration testing methodologies
• Strong understanding of common system and application-level exploits.
• Effective communication skills with the ability to explain complex security issues to a non-technical audience.
• Familiar with technical business applications, cloud infrastructure and cloud risks and controls.
• Industry-recognized certifications in security (CISSP, OSCP, CEH, etc.) are a plus.
• Understanding of AI and machine learning algorithms, including their vulnerabilities and attack vectors preferred.
• Ability to work in an on-call rotation for incident response on an as needed basis.

Salary Range

The base salary for this position is $135,000 - $165,000 annually.Consistent with applicable laws, compensation will bedeterminedbased on thecandidate'slevel, relevant skills,qualifications, and experience along with requirements for the positionand annualfinancialplans.

Skillable is a distributed first team with employees working acrossthe U.S., and we do not considergeographywhendeterminingcompensation ranges.

Please note that it is not typical for an individual to be hired at or near the top of the range. Skillable reserves therighttomodifythis compensation range at any time.

Pay range and current benefit offerings are effective for 90 days from posting date. Standard employment offerings are subject to potential change upon periodic review and analysis, at the discretion of Skillable.

What’sin it for You? Rewards and Perks

We believe in providing a suite of benefits that ensure our employees know we appreciate them as people first. Skillable wants to be a company that promotes physical, emotional andall aroundwell-being through our benefit offerings! Subject to eligibility requirements, the Company offers comprehensive benefits including:

• Fully remote with a monthly stipend to pay for office services and supplies
• Medical (2 plan options), dental (2 plan options), vision, health savings account with generous employer contributions, healthcare spending accounts, dependent care spending accounts, EAP, group paid life insurance, group paid STD and LTD and voluntary life/AD&D insurance,accidentand critical illness options.
• 401(k) with Company match, tuition reimbursement, healthy lifestyle reimbursements.
• Open PTO, Paid holidays, bereavement leave, parental leave, caregiver leave and paid FMLA leave.
• Friends and Family Friday to end our standard workweek at 2pm local time; Full company closure during the 4th of July holiday week.
• Access to pet insurance; Access for employees and dependents to Skillable learning opportunities through our product and more!

Working Conditions:

The job conditions for this position are in a remote home office setting, requiring a space that supports privacy and focus to attend to regular and frequent video and voice calls. Employees in this position use PC and phone on an on-going basis throughout the day. Periodic travel may be required equaling up to approximately 10% of the time.

Skillable participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work int he U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment.

Skillable can only hire potential candidates with a primary residence in the following States: AZ, CA, CO, FL, GA, ID, IN, KY,MA,ME, MI, MO, NC, ND, NE, NH, NV, NY, OH, OK, SC, TN, TX, UT, WA, WI.