Principal Security Software Engineer, FlashArray - Pure Storage

What do NASA and emerging space companies have in common with COVID vaccine R&D teams or with Roblox and the Metaverse? 

The answer is data, -- all fast moving, fast growing industries rely on data for a competitive edge in their industries. And the most advanced companies are realizing the full data advantage by partnering with Pure Storage. Pure’s vision is to redefine the storage experience and empower innovators by simplifying how people consume and interact with data. With 11,000+ customers including 58% of the Fortune 500, we’ve only scratched the surface of our ambitions. 

Pure is blazing trails and setting records:

• For ten straight years, Gartner has named Pure a leader in the Magic Quadrant 

• Our customer-first culture and unwavering commitment to innovation have earned us a certified Net Promoter Score in the top 1% of B2B companies globally

• Industry analysts and press applaud Pure’s leadership across these dimensions

• And, our 5,000+ employees are emboldened to make Pure a faster, stronger, smarter company as we go

If you, like us, say “bring it on” to exciting challenges that change the world, we have endless opportunities where you can make your mark.

SHOULD YOU ACCEPT THIS CHALLENGE...

We are seeking an experienced and highly skilled Principal Security Engineer to join our dynamic team. In this role, you will lead and drive the security strategy for our products and applications, ensuring they meet the highest standards of security and compliance. You will work closely with cross-functional teams to design, implement, and maintain robust security measures that protect our clients and their data. Additionally, you will play a crucial role in the development of security-related product features, integrating security at every stage of the product lifecycle.

• Security Strategy and Leadership:

o Develop and implement the overall security strategy for our software products and applications.

o Provide technical leadership and mentorship to the security engineering team.

o Stay current with emerging security threats and industry trends to proactively address potential risks.

• Security Design and Architecture:

o Collaborate with product managers, architects, and developers to design secure software features and architecture.

o Conduct threat modeling, risk assessments, and vulnerability analysis for new and existing applications.

o Define and enforce security best practices and standards throughout the software development lifecycle (SDLC).

• Product and Application Security:

o Lead efforts to identify, assess, and remediate security vulnerabilities in our products and applications.

o Implement and maintain security tools and technologies for continuous monitoring and protection.

o Perform code reviews, penetration testing, and security audits to ensure compliance with security requirements.

• Development of Security-Oriented Product Features:

o Drive the development of security-oriented product features, ensuring they are designed and implemented with the highest security standards.

o Work closely with the product development team to provide security insights and guidance throughout the product lifecycle.

o Evaluate and recommend new technologies and tools to enhance the security capabilities of our products.

• Incident Response and Management:

o Develop and maintain incident response plans and procedures.

o Lead investigations and response efforts for security incidents and breaches.

o Conduct root cause analysis and implement corrective actions to prevent future incidents.

• Collaboration and Communication:

o Work closely with other engineering teams, including DevOps and IT, to integrate security practices into all aspects of the development and deployment processes.

o Communicate security risks, incidents, and mitigation strategies to stakeholders, including executive leadership.

o Provide training and awareness programs to promote a security-conscious culture within the organization.

WHAT YOU’LL NEED TO BRING TO THIS ROLE...

• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.

• 8+ years of experience in security engineering or a related role, with a focus on product and application security.

• In-depth knowledge of security principles, protocols, and best practices.

• Experience with security assessment tools, penetration testing, and vulnerability management.

• Strong understanding of software development methodologies, including Agile and DevOps.

• Proven experience in secure coding practices and secure software development lifecycle (SDLC).

• Excellent problem-solving skills and the ability to think like an attacker.

• Strong communication and leadership skills, with the ability to influence and drive security initiatives across the organization.