Principal Product Security Engineer

Full Time
Burlington, Massachusetts

At Nuance, we empower people with the ability to seamlessly interact with their connected devices and the digital world around them. We are creating a world where technology thinks and acts the way people do by designing the most human, natural, and intuitive ways of interacting with technology.

Our nimble technology uses analytics and advanced algorithms to transform the inanimate into animate and reduce complicated processes into simple ones.

Join our Healthcare team...caring for clinicians the way they care for patients. Beyond words. We create technology that lets clinicians capture and document care quickly and easily so they can focus their attention on their patients.

Join our Mobile team…intelligent systems now ready for the road. We are passionate about developing intelligent interfaces that enable people to talk to their cars, phones, devices, and other smart “things”.

Join our Enterprise team…great customer service starts here. We design virtual assistants for intelligent and effortless customer service helping customers find the information they need using whatever channel they prefer.

Join our Imaging team…greater document flexibility for more personal productivity. We are passionate about designing and building secure technology that empowers companies to gain control of their document management processes and ensure their proprietary and customer information is protected.

Job Summary:

The Principal Product Security Engineer will report to the Director of Product Security. Major duties will focus on providing secure development services such as design reviews, code reviews, and security testing during product development, as well as providing training and consultation to product teams to improve their internal capabilities in these areas. This engineer will also drive adoption of security tools and services from external vendors, evaluating and selecting vendors, assisting integration of these services into engineering workflows, and providing expertise to interpret and remediate security issues identified by these tools and services.


  • Perform application vulnerability assessments.
  • Perform design consultation, architecture review, threat modeling, code review, and testing.
  • Assist in the development of test cases, scripts, procedures, and tooling for QA security testing.
  • Analyze output from security tooling and provide guidance to drive remediation.
  • Assess SDLC processes and provide guidance on increasing security review coverage.
  • Identify toolsets and vendors; drive adoption and implementation.
  • Consult with development and QA staff to remove false positives and prioritize remediation based on security scanning tools' output.


Number of Years of Work Experience: 3-5 years' experience in application security plus 3-5 years' software development experience (development or QA)

Required Skills:

  • Understanding and familiarity with common code review methods and standards
  • Knowledge of secure coding patterns and pitfalls in multiple languages (Java, .NET, C++, Python…)
  • Knowledge of secure configuration patterns for middleware and OS platforms (Tomcat, JBoss, WebLogic; common relational and NoSQL databases; Windows, Linux, iOS, Android)
  • Demonstrated experience providing security review of web applications, mobile applications, thick clients, web APIs (REST, SOAP), AuthZ/AuthN protocols and technologies, and cryptography
  • Experience with static analysis and dynamic analysis tools
  • Experience with offensive security tools and methodologies
  • Penetration testing experience, especially at the application level
  • Familiarity with development and test toolsets (source code control, build systems, test automation, ticketing systems)
  • Knowledge of OWASP tools and methodologies
  • Knowledge of standard SDLC practices and security touchpoints in Agile, DevOps, waterfall processes
  • Experience with application security requirements of HIPAA, PCI and ISO 27000

Preferred Skills:

  • Solid understanding of network security, hardening, patch management, pentesting, vulnerability testing, Windows systems, open systems, applications, and web and public-facing systems
  • Knowledge of analytic and monitoring tools (Elasticsearch, Logstash, and Kibana (ELK) and/or Splunk)
  • Ability to code in Python
  • Expertise with Rapid7 Nexpose or other vulnerability scanners
  • Ability to reverse engineer undocumented applications or architectures
  • Linux, Windows system administration
  • Ability to multitask under strict deadlines
  • Proficient English language written and oral communication skills


  • Bachelor’s Degree in Computer Engineering, Computer Science, or Information Systems Management. Will consider work experience in lieu of or supplementing formal education.
  • CISSP, CSSLP, CEH or equivalent security certifications

Additional Information:

Nuance offers a compelling and rewarding work environment. We offer market competitive salaries, bonus, equity, benefits, meaningful growth and development opportunities and a casual yet technically challenging work environment. Join our dynamic, entrepreneurial team and become part of our continuing success.

Nuance Communication Inc. is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, national origin, disability, veteran status, gender identity, sexual orientation and other legally protected characteristics. The EEO is the Law poster and its supplement is available here. If you need a reasonable accommodation because of a disability for any part of the employment process, please call 781-565-5000 – Human Resources Department and let us know the nature of your request and your contact information.




Nuance Communications

At Nuance, we are reinventing the relationship between man and technology.

We believe in the power of intelligent systems and what that power can do for you. Together, our innovations in voice, natural language understanding, reasoning and systems integration create more human technology: technology that adapts to you instead of you having to adapt to it. We power flagship devices and solutions from the likes of Samsung, Ford, and Domino's. With nearly 20 billion cloud transactions last year alone, chances are you've already experienced our technology: at work, in the car, on your phone, or at the doctor's office. See how Nuance technology is transforming your daily life.
voice recognition, natural language understanding, health information technology, clinical language understanding, voice biometrics, document imaging, print management, connected car, wearables, software, text-to-speech, chatbots, call center solutions
Company Industry: Computer Software
Company Type: Public Company
Company Size: 10,001+