Principal Cybersecurity Engineer

3 days ago

Apply Now

Receive Emails with Similar Jobs

Progress

WebsiteLinkedInAll Job Openings

Progress is a software company that offers a wide range of products and services aimed at improving digital experiences, data management, and infrastructure management. The company provides AI-powered applications across its platforms, enabling businesses to develop and manage these applications efficiently. Progress offers solutions such as the Progress Data Platform for data, AI, and analytics projects, and Sitefinity for digital content and experience management. Additionally, Progress provides infrastructure management products to help streamline network and application management, as well as data connectivity tools under the DataDirect brand. The acquisition of ShareFile has expanded Progress's capabilities in secure file transfer and collaboration. With a strong focus on artificial intelligence, Progress works to deliver innovative solutions for its customers and partners across various industries.

application development • web development • cloud development • application modernization • digital experience

1001 - 5000 employees

Founded 1981

🤖 Artificial Intelligence

💰 Post-IPO Equity on 1995-01

📋 Description

• The Cybersecurity Engineer role is primarily responsible for identifying, assessing, prioritizing, and reporting on vulnerabilities within Progress infrastructure and applications. • Responsibilities include enterprise vulnerability scanning, applications security testing, coordinating penetration tests, product release monitoring and support, and maintaining the bug bounty program. • In this role you will: • Review security vulnerabilities across a variety of technologies and environments to determine high risk vulnerabilities to business assets. • Configure and execute enterprise infrastructure vulnerability scanning across cloud and on-premises assets. • Validate vulnerability scanning accuracy and scope against asset management, networks, and CMDB inventories. • Co-ordinate with system owners and other teams to address the vulnerabilities as per defined SLAs. • Respond to security researchers that report vulnerabilities through our Bug Bounty program and support the CVE publication process. • Conduct static and dynamic application security testing across core products, analyze results, and prioritize vulnerabilities for remediation. • Provide security gate review support to product and development teams to validate products meet security control standards prior to release. • Coordinate third party penetration tests including scoping, scheduling, budgeting, vendor management, and procurement. • Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities. • Build strong partnerships with technical teams to promote best practices for managing vulnerabilities across traditional infrastructure and in cloud environments. • Lead cybersecurity projects to promote integration, automation, and increase vulnerability detection and response capabilities. • Ensure compliance with organizational cybersecurity policies and procedures. • Provide architecture and design support for cloud environments.

🎯 Requirements

• Bachelor’s degree in information technology, Information Security/Assurance, Computer Science, Engineering, or related field or equivalent combination of education and experience • 6-8 years of Cybersecurity experience with a concentration in vulnerability management techniques, tools and methodologies • One or more of the following certifications CEH, CISSP, CRISC, GSEC, GSED, CISM • Proficient with vulnerability management solutions such as Qualys, Tenable, and Rapid7 • Familiarity with bug bounty platforms and tools (e.g., HackerOne, Bugcrowd etc) • Experience using web application security testing tools and commercial scanners (Veracode, Qualys WAS, Tenable WAS) • Experience with vulnerability management across cloud environments (AWS, Azure, GCP) • Experience conducting organization-wide vulnerability scanning and developing remediation processes • Knowledge and experience with DevSecOps practices, container security, microservices architecture, infrastructure as code, OWASP, CVSS, SDLC, and penetration testing methodologies • Hands-on experience in application security testing tools like Burpsuite, OWASP ZAP etc • Strong communication skills with the ability to influence cross functionally, both at the peer level or above • Solid project management skills with the ability to prioritize tasks based on risk

🏖️ Benefits

• Competitive remuneration package • Employee Stock Purchase Plan Enrolment • Vacation, Family, and Health 30 days of earned leave • An extra day off for your birthday • Various other leaves like marriage leave, casual leave, maternity, and paternity leave • Premium Group Medical Insurance for employees and five dependents, personal accident insurance coverage, life insurance coverage • Professional development reimbursement • Interest subsidy on loans - either vehicle or personal loans • Health club reimbursement