Thomson ReutersThomson Reuters empowers professionals with cutting-edge technology solutions informed by industry-leading content and expertise.As a Senior Product Security Engineer, you will be focused on developing S-SDLC activities and controls that will ensure our applications are designed and implemented with regards to the highest level of security standards with a focus on Software Supply Chain Security.
About the Role As a Senior Product Security Engineer, you will:
Promote Secure design, architecture, and implementation covering all steps of our Secure Software Development Life Cycle (SDLC).Support our Software Supply Chain initiative to define, implement and scale our software supply chain practices.Participate in Threat modeling sessions to guide secure design discussions and participate in risk assessments.Drive security projects (including security reviews, tool development, and creation of new security practices).Create security guidance and documentation, including compliance as code.Set a high standard for engineering quality and execution that leads to high quality product security artifacts to secure our products' SDLCs.About You You're a fit for the role of Senior Product Security Engineer if you have:
Engineer Empathy: You have a strong understanding of how developers work and are able to present security initiatives to developers in a way that leverages that understanding.Knowledgeable in Application Security: You are passionate about application security including secure coding, supply chain security, and SecDevOps.Drive to continually improve: You are able to analyze current processes and procedures and determine ways to improve and increase efficiency.Technical Skills: Experience with software supply chain security at both the SCM, Build and Deployment level.Strong understanding of cryptographic primitives supporting authenticity and integrity checks.Deep technical understanding and experience assessing common security vulnerabilities and risks, as well as advising on countermeasures and compensating controls.Proficiency in writing Python to implement services and tooling as well as reading other programming languages in the context of secure code review.Experience collaborating with product development teams directly to instill security.Experience with SAST, DAST and SCA scans and the analysis of the identified security findings/results.Experience with DevSecOps in a cloud native context and in integrating security in CI/CD pipelines (GitHub Actions preferred but experience with other CIs is good, e.g., Gitlab CI).Experience with automation in general consuming APIs, with a plus when the automation is related to security tooling.Knowledge of one or more security frameworks such as OWASP's ASVS, CIS Benchmarks, NIST CSF.Ability to manage and prioritize between multiple tasks and projects.Strong Communication Skills (verbal, written, ability to influence others).Learning Mindset (emerging technical trends, always learning).Familiarity with SLSA, in-toto and OpenSSF security scorecard.Experience with Linux systems and containers.Experience with AWS or Azure.Infrastructure as code with Terraform.Experience with Security tools (Web attack proxies, SAST, DAST, SCA).What's in it For You? You will join our inclusive culture of world-class talent, where we are committed to your personal and professional growth through:
Hybrid Work Model: We've adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role).Wellbeing: Comprehensive benefit plans; flexible and supportive benefits for work-life balance.Culture: Globally recognized and award-winning reputation for equality, diversity and inclusion.Learning & Development: LinkedIn Learning access; internal Talent Marketplace with opportunities to work on projects cross-company.Social Impact: Employee-driven Business Resource Groups; two paid volunteer days annually.Purpose-Driven Work: We help uphold the rule of law, turn the wheels of commerce, and provide trusted information.Do you want to be part of a team helping re-invent the way knowledge professionals work? Join us and help shape the industries that move society forward.
Accessibility As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world.
#J-18808-Ljbffr