Medallia's mission is to help companies win through customer experience. The world's best-loved brands trust Medallia's Experience Cloud, which embeds the pulse of the customer in an organization & empowers employees with the real-time customer data, insights, & tools they need to make every experience great. Named a leader in the most recent Forrester Wave & ranked in the 2018 Forbes Cloud 100 list, Medallia is growing quickly, with a global footprint that spans Silicon Valley, Austin, New York, Washington DC, London, Paris, Sydney, Buenos Aires, & Tel Aviv. Here, we value people for each of the aspects that make them whole. We believe that people should not be defined only by a job title: nobody is "just an engineer" or "just a salesperson." We are each partners, parents, children, siblings, friends, & former classmates. We have different backgrounds & we celebrate different cultures. And, just like our product, we honor each of the experiences that build our people.
At Medallia we hire the whole person, not just a part of them.
At Medallia, the Product Security team's mission is to build customer trust in Medallia's products by setting the standards & principles for secure development & validating our security through continuous assessment.
At Medallia, we feel very strongly about protecting our clients' information, & are looking for like-minded engineers to solve complex security challenges while enabling the rapid growth of the business globally. This Product Security role is key to maturing our security program within the development lifecycle of our product portfolio & offers tremendous growth opportunities at a security-conscious company on a high-growth trajectory.
As Medallia becomes a trusted partner to organizations across the globe & spanning several industry verticals, it is more important than ever that we continue to stay a step ahead in securing our applications, services & data. The Senior Product Security Engineer role will work closely with our global engineering teams & ensure that we build secure & robust software in the world of SecDevOps & Agile. We are looking for a candidate who is passionate about security, has a strong technical background & loves creating innovative solutions to challenging problems.
Minimum Qualifications:
- 3-5 (5+ preferred) years' experience with software security assessments & remediation in Java (or other object-oriented languages)
- Drive to take ownership of projects & drive resolution without close supervision
- Proven ability to work collaboratively across & within teams
- Strong skills in at least two of the following areas: architecture review/threat modeling, penetration testing, & static code analysis automation
- Hands-on experience with tools & technologies used throughout secure SDLC (e.g., Checkmarx, Fortify SCA, Coverity, AppScan Standard/Enterprise, WebInspect, Netsparker, Burp Suite, Nessus, etc.)
- Independent problem-solving capabilities & excellent communication skills

Preferred Qualifications:
- CISSP or CSSLP certification
- Knowledge of OSS scanning tools like Black Duck, SRC:CLR, Defensics, Snyk
- Knowledge of Node.js or any modern JS framework (such as React.js), or with native mobile development
- Knowledge of popular web development frameworks (AngularJS, React, Redux, Velocity, StringTemplate, jQuery, Jackson, THRIFT, etc.)
- Proficiency with Python, Ruby, or other scripting languages
- Knowledge of microservices architecture & containers
- Experience working in a compliance-focused environment
- Knowledge of FedRAMP (Federal Risk Authorization Management Program)
- Knowledge of FISMA (Federal Information Systems Management Act)
Keywords: Software Security, Application Security, (software) Architecture Review, Secure (software) Architecture, Secure (software) Design, Secure Code Review, (application) Pen-Testing, (application) Penetration Testing, Dynamic (security) Analysis, Static Analysis, Checkmarx, Fortify SCA, Coverity, AppScan, AppScan Standard, AppScan Enterprise, WebInspect, Netsparker, Burp Suite