Job Description :
This position will report to the Director of Product Security in the Cybersecurity group. As the company invests further in this area, there is room for innovation and growth for a hands-on, collaborative and energetic individual.
The candidate will work with our flagship products such as Wall Street Journal, Marketwatch, Barrons, Factiva and DNA.
Location : Barcelona, Spain
Serve as the security SME for product development engineering teams
Help build, maintain and execute a strategy to secure our customer-facing products.
Partner with product development engineering teams to ensure that products are secure from the start through an Agile Secure Development Lifecycle
Partner with the business to understand the needs and demands of our customers and the marketplace. Able to develop security standards and practices that ensure products are built to meet those needs
Work with product development engineering teams to address security findings and negotiate priorities for these to be released
Provide visibility around product security weaknesses to the business
Perform threat models of products
Work alongside technical leadership to ensure secure architectural patterns are being used
Develop security requirements and stories
Work with software engineers to design preventative and / or detective controls for specific security issues
Work with engineering teams to build reusable security components
Help proliferate the use of automated security tools, that are maintained by the product security team into the continuous integration and development environment to identify security issues quickly
Work with members of Cyber Defense to integrate security monitoring of products
Work with members of the application security / penetration testing team to perform security testing and work with project managers to prioritize any identified issues
Collaborate with the application security team to design and execute a security champions program within the product engineering teams aimed at instilling security into the culture of product engineering
Lead conversations about security with prospective & current customers alongside the business and sales team
Develop security material (brochures, white-papers) for consumption by customers showcasing the security of our products
Skills & Experience :
Experience with design and architecture using modern secure design patterns
Experience with cloud best practices and security - AWS, GCP, Azure
Experience in one or more of the following modern languages / frameworks - Node.js, PHP, Java, C#, Python
A strong understanding of modern development processes including agile development
Strong knowledge of application security topics such as authn, authz, encryption, session management, federation, encryption
Ability to communicate complicated technical issues and risks to engineers, project managers and product managers
Extensive experience with application security tools like code scanners, dynamic analysis tools
Familiarity with security related certifications such as PCI, ISO27001
Strong understanding of public application security projects such as OWASP, BSIMM
Expert knowledge with Information Security frameworks and fundamentals including ISO 27001, NIST, Lockheed Killchain and MITRE ATT&CK-based analytics
Bachelor's degree in computer science or a related discipline, or equivalent work experience required, 10-12 years of experience in information security or related technology experience required
Dow Jones , Making Careers Newsworthy
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status.
EEO / AA / M / F / Disabled / Vets .