Senior Product Security Engineer, Data & Insights Solutions

Remote | Seattle, Washington

• Conduct bi-weekly DAST assessments against our production environments. Investigate and report results. Collaborate with engineering for awareness and remediation. Develop and execute a DAST improvement plan inclusive of tool migration and automation inclusion.
• Coordinate, reproduce, and validate reported security findings from clients, cross-team researchers, and third-party penetration testers.
• Monitor and investigate inbound application and infrastructure security alerts.
• Manage an active bug bounty program. Develop and execute an improvement plan that elevates researcher interaction and general program involvement.
• Assume primary responsibility for control families that contribute to our FedRAMP Moderate, SOC2, GDPR, HIPAA, and CJIS certifications. Responsibility includes continuous improvements and auditing, evidence collection and submission, interview participation, internal security reviews, and tabletop exercises.
• Participate in security strategy and planning, including team vision, roadmaps, and increment planning.
• Coach and collaborate with team members to normalize and measure, through a maturity model, security best practices.
• Participate in engineering team meetings, facilitating secure design through instrumenting threat modeling.
• Investigate, document, and resolve security incidents (IRP and ISCP) and provide analysis to senior leadership.
• Stay informed about emerging security trends and technologies. Create and deliver security training and awareness programs for developers, testers, and other stakeholders.

• Strong organization and prioritization skills. A proven ability to react positively and decisively to change
• Superior verbal and written communication skills, with the ability to communicate complex technical solutions to non-technical audiences
• Deadline-driven, team-oriented, be a self-starter, have great people skills, a strong work ethic, and be enthusiastic and ambitious
• Flexible. Able to independently manage multiple efforts simultaneously while maintaining professionalism under pressure
• A passion for improving the client experience and a track record of successful interactions with internal/external clients
• Excellent troubleshooting skills
• A technical leader with the ability to inspire and support peers

• 3-5 years of security engineering experience
• Working experience in Agile Kanban development methodologies
• Expertise in collaboration and prioritization using Confluence, Jira, and Teams
• In-depth knowledge of common web application vulnerabilities, such as OWASP Top Ten (e.g., SQL injection, XSS, CSRF)
• Proficiency with a wide range of security testing tools, including but not limited to vulnerability scanners (e.g., Nessus, Qualys), web application scanners (e.g., Burp Suite Pro, Invicti, OWASP ZAP), and penetration testing frameworks (e.g., Metasploit)
• Familiarity with implementing and managing multiple NIST 800-53 control families: Access Control, Audit and Accountability, Configuration Management, Identification and Authentication, System and Information Integrity
• Strong Python scripting skills and GitHub Enterprise experience
• Experience with static application security testing (SAST), security information and event management (SIEM) systems, and intrusion detection/prevention systems (IDS/IPS)
• Understanding of network and information security best practices
• Experience with Linux, Ubuntu, AWS, Red Hat
• Familiarity in one or more: threat analysis, security automation, penetration testing, incident response, IAM, bug bounty programs, third-party vendor management
• Working experience in cloud log management solutions (e.g., Sumo Logic)
• Experience securing cloud environments with an understanding of cloud security infrastructure and cloud security principles
• Understanding of DevOps and continuous integration/continuous delivery (CI/CD) pipelines and how to integrate security into the DevOps process
• Understanding of attack vectors for cloud environments
• Knowledge of encryption algorithms, certificate management, and cryptographic protocols
• Required to undergo and satisfactorily pass a fingerprint background check in accordance with CJIS requirements.

• Bachelor's degree in Computer Science, Engineering, Mathematics, Information Systems, or a related field preferred
• Valued Certifications: CompTIA Security+, CompTIA Cybersecurity Analyst (CySA+), AWS Professional, AWS Security

Salary will generally fall between $127,416 - $135,000 before adjustment for geographic differences. Recruiter can confirm if position is incentive eligible.

Your health and well-being are important to us. That's why we invest in our team members by offering competitive benefits to support their health and financial wellness. Learn more about how we care for our people.

Tyler is subject to regulations, guidelines, and/or client requirements relating to the qualifications of Tyler personnel performing certain client work. Because of the nature of this position, it is a requirement that the candidate can successfully pass a federal background check at the time an offer is extended and over the course of employment with Tyler.