Senior Principal, Product Security

United States
IT Security / Full Time / Remote
Business Wire, a Berkshire Hathaway company, is the global market leader in press release distribution and regulatory disclosure. We are on a mission to redefine how organizations connect with their audiences - and that’s just the beginning!

Organizations, large and small, depend on us to accurately publicize market-moving news and multimedia, and generate social engagements that develop interactions with their target audiences.

About the Role
Business Wire is committed to delivering secure and reliable software solutions to our internal stakeholders and external customers, and we are looking for a talented Senior Principal, Product Security to join our team and drive our product and cloud security initiatives to new heights. As the Senior Principal, Product Security, you will play a critical role in ensuring the security of our products and services, with a specific focus on modern application security and SDLC practices running on AWS. You will be responsible for leading the assessment, design, and implementation of robust security measures throughout the product development lifecycle. Your hands-on technical expertise in software and cloud security, combined with a strategic mindset, will guide us in delivering cutting-edge and business-aligned solutions that are resilient to emerging cyber threats.

What You'll Do

    • Lead and drive the application and cloud security assessment and architecture efforts within the organization.
    • Collaborate closely with leadership to set a long-term vision for the company's product security initiatives, ensuring alignment with business objectives.
    • Develop and maintain a comprehensive cloud security architecture that meets industry standards and best practices.
    • Conduct technical security assessments and threat modeling exercises to identify potential risks and vulnerabilities.
    • Integrate security testing into the SDLC, collaborating with development teams to address security concerns at each phase of the software development process.
    • Implement and oversee effective application security measures including penetration testing, vulnerability management, and remediation advisory.
    • Provide expert guidance on risk management strategies and ensure that security requirements are integrated into all aspects of the product development lifecycle.
    • Assist in incident response activities, investigating and mitigating security incidents related to applications.
    • Act as a thought partner and collaborate with stakeholders across engineering groups to promote security awareness and foster a strong product security culture.
    • Lead and coach other security professionals at all levels to ensure successful execution of security initiatives.
    • Resolve technical challenges for yourself and others, ensuring that security barriers are proactively addressed.
    • Create guardrails, standards, dashboards, and policies to improve the product security posture and visibility.

What You'll Need

    • 10+ years of experience in modern application security, with a proven track record of securing applications on AWS.
    • Extensive hands-on experience in designing secure infrastructure solutions for AWS as well as on-prem applications, demonstrating proficiency in architecting robust and scalable security measures within cloud and on-prem environments.
    • Deep understanding of security testing tools including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), utilizing these tools effectively to identify and address potential vulnerabilities proactively.
    • Extensive experience in application security automation and integrating security into CI/CD.
    • Strong knowledge and expertise in technical assessments, threat modeling, and cloud security architecture.
    • Hands-on experience with software security best practices, penetration testing, vulnerability management, and remediation advisory.
    • Demonstrated proficiency in investigating and effectively managing security incidents pertaining to applications operating within AWS and on-prem environments.
    • Proven ability to lead and moderate company-wide security discussions, fostering effective collaboration and decision-making.
    • Strong leadership and coaching skills.
    • Strong problem-solving abilities and a deep understanding of cybersecurity principles and practices.
    • Excellent communication and presentation skills and the ability to communicate complex security concepts to technical and non-technical stakeholders.
    • Previous software development experience is a plus.
    • Bachelor’s degree in computer science or related field.
    • Business Wire will not sponsor a new applicant for employment authorization for this position.

What We Offer
The base salary range for this position is $200K to $250K/year. Offered salary will be determined by several factors, including but not limited to: applicant’s education, experience, knowledge, skills and abilities, as well as internal equity and alignment with geographic market data. Business Wire reserves the right to modify this salary range at any time.

Business Wire’s total rewards include:
    • Ability to work remotely
    • Excellent health benefits that begin on your first day of employment
    • $100 monthly fitness allotment, a tuition reimbursement program, and enhanced mental health resources
    • 401(k) plan with generous company match, and annual profit sharing contribution (subject to company performance)
    • PTO, Floating Holidays, Wellness Day Off, Birthday Day Off, and more!
A pre-employment background check will be required after the acceptance of an offer. Business Wire is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. Pursuant to the San Francisco Fair Chance Ordinance and other similar state laws and local ordinances, and its internal policy, Business Wire will also consider for employment qualified applicants with arrest and conviction records.