About the Role
We are seeking a Software Product Security Engineer to ensure security across the lifecycle of our web-based product. This role focuses on embedding security practices into the design, development, implementation, and integration phases while addressing the unique challenges of delivering our product as Application as a Service (AaaS) and Software as a Service (SaaS).
As a key contributor, you will define and implement security measures for the product, including integrations such as Single Sign-On (SSO), Identity and Access Management (IAM), and other third-party systems. You will ensure secure configurations for protocols like SSL, manage web application security headers (e.g., CORS), and evaluate all security aspects of product deployments. If you have a passion for securing modern web applications in dynamic environments, this role is a perfect fit!
Key Responsibilities:
Security by Design: Work with product and engineering teams to design secure architectures for web-based applications and integrations.
Product Security Evaluation: Assess and implement security measures specific to AaaS and SaaS models, including encryption, data protection, and tenant isolation.
Single Sign-On and IAM: Integrate and secure authentication solutions like Single Sign-On (SSO), IAM frameworks, and third-party identity providers (e.g., Okta, Azure AD).
Web Application Security: Implement and manage security protocols such as SSL/TLS, and enforce secure practices for web headers like CORS, Content-Security-Policy, and others.
Vulnerability Management: Identify, prioritize, and remediate security vulnerabilities in the product through manual and automated methods.
Threat Modeling: Conduct threat modeling and risk assessments for product components and integrations.
Security Best Practices: Develop secure coding standards and guide engineering teams in adhering to them.
Automation: Build and maintain automation scripts for testing security configurations in CI/CD pipelines.
Monitoring and Incident Response: Collaborate with security operations to monitor and respond to security incidents related to the product.
Compliance and Documentation: Ensure the product complies with security standards such as SOC 2, ISO 27001, or PCI-DSS. Document security policies, practices, and configurations.
Qualifications:
Education:
Bachelor’s degree in Computer Science, Cybersecurity, Software Engineering, or a related field (or equivalent experience).
Technical Skills:
Strong understanding of security for AaaS and SaaS models, including multi-tenancy and data segregation.
Experience with web application security protocols, including SSL/TLS, OAuth, SAML, and OpenID Connect.
Familiarity with IAM and SSO providers like Okta, Azure AD, or similar.
Proficiency in securing web technologies, including handling CORS, CSRF, XSS, and SQL Injectionvulnerabilities.
Hands-on experience with security tools (e.g., OWASP ZAP, Burp Suite) and DevSecOps integration into CI/CD pipelines.
Strong knowledge of secure coding practices and encryption standards.
Proficiency in scripting or programming languages such as Python, JavaScript, or Java.
Familiarity with cloud environments like AWS, Azure, or Google Cloud and their native security tools.
Experience:
3–5 years of experience in application security, software development, or product security engineering.
Proven track record of securing web-based products in a SaaS or AaaS environment.
Hands-on experience with securing product integrations, including APIs and third-party services.
Soft Skills:
Strong problem-solving and analytical thinking abilities.
Excellent communication skills, with the ability to explain complex security concepts to non-technical stakeholders.
Collaborative mindset and the ability to work effectively across diverse teams.
About the Company
Datamaze is a dynamic company specializing in AI, Data, and Analytics consulting services. We are dedicated to transforming businesses by leveraging the power of data and artificial intelligence. With a team of industry experts in technology, business strategy, and data science, Datamaze offers a range of services including data strategy development, AI model creation, advanced analytics, and data visualization. Our approach is client-centric, focusing on creating customized solutions that address unique business challenges and objectives. The team, comprising data scientists, AI experts, strategists, and engineers, is committed to continuous learning and innovation.
Datamaze positions itself as a trusted partner for businesses looking to navigate the complex data and AI landscape, aiming to optimize operations, inform decision-making, and maintain a competitive edge.