Product Security Engineer

1 Month ago • 3 Years +

Job Summary

Job Description

This role involves being a Product Security Incident Response Team (PSIRT) member, focusing on product incident response processes, scanning, and oversight. The responsibilities include understanding and analyzing public vulnerabilities, prioritizing them for resolution, and collaborating with cross-functional teams to safeguard products. The role also includes managing vulnerability lifecycles, interpreting customer requests, monitoring communication during incidents, validating engineering responses, working with teams for remediation, investigating security incidents, and drafting security advisories. It requires staying informed about emerging threats, contributing to threat modeling, and documenting incidents. The role will also involve overseeing product vulnerability scanning, assessing the impact of vulnerabilities and developing mitigation strategies.
Must have:
  • Understanding of CVE/CVSS frameworks and vulnerability databases.
  • Knowledge of network protocols (TCP/IP, DNS, HTTP/HTTPS)
  • Knowledge of Firewall and IDS/IPS.
  • Understanding of secure coding practices.
  • Strong planning and organizational skills.
  • Excellent communication and writing skills.
Good to have:
  • Experience with development tools like Jira and GitHub.
  • Experience with automation and integrations (Teams, Jira, Jenkins)
  • Experience with coding languages (C/C++, Golang, Java, JavaScript, Python)
  • Understanding of Secure Software Development Life Cycles (SDLC/SSDLC)
  • Security Certifications such as FIPS, Common Criteria, DoDIN APL
  • CISSP or equivalent security qualification.

Job Details

Over 50,000 customers globally trust our end-to-end, cloud-driven networking solutions. They rely on our top-rated services and support to accelerate their digital transformation efforts and deliver unprecedented progress. With double-digit growth year over year, no provider is better positioned to deliver scalable outcomes than Extreme.


Inclusion is one of our core values and in our DNA. We are committed to fostering an inclusive workplace that embraces our differences and creates an atmosphere where all our employees thrive because of their differences, not in spite of them.


Become part of something big with Extreme! As a global networking leader, learn why there’s no better time to join the Extreme team.


Extreme Networks is seeking a Product Security Incident Response Team (PSIRT) member to join the Information Security team to support the Product Incident Response process and product scanning and oversight. The role will be supporting Extreme as we continue to support our customers, both in terms of product support and managing the lifecycle of vulnerability resolutions.

 

The successful candidate for this position will need to:

•            Be able to understand and analyze publicly disclosed vulnerabilities, distilling them down to determine any possible impact

•            Prioritize vulnerabilities and their handling from reporting to resolution

•            Play a pivotal role in safeguarding our organization’s products and services against security threats. You will collaborate with cross-functional teams, respond to security incidents, and contribute to the overall security posture of our offerings

 

Main Responsibilities:

Product Incident Response Team

•            Lifecycle management of a vulnerability from inquiry to validation of remediation

•            Interpret customer requests and publicly disclosed vulnerabilities as they relate to Extreme products

•            Monitor, manage, and track internal communication per incident process

•            Interpretation of technical engineering responses for validity

•            Work with engineering and product teams to understand issues, validate responses, and roll out remediation plans

Incident Response

•            Investigate and respond to security incidents related to our products

•            Analyze vulnerabilities, exploits, and threats

•            Coordinate with internal teams and external partners during a reported incident until resolution

Product Vulnerability Management

•            Oversee product vulnerability scanning for a range of Extreme products

•            Assess the potential impact of vulnerabilities on our products

•            Validate scan results to develop mitigation strategies

•            External vulnerability oversight to include interpreting cyber score reports

•            Work cross-functionally to remediate findings on vulnerability reports

Security Advisories and Communications

•            Draft timely and accurate security advisories for affected products

•            Monitor security advisories and vulnerability databases

•            Communicate security-related information to customers, partners, and stakeholders

•            Maintain transparency and provide timely updates during incidents

Threat Intelligence

•            Stay informed about emerging threats and attack techniques

•            Collaborate with threat intelligence teams to enhance our defenses

•            Contribute to threat modeling and risk assessments

•            External vulnerability oversight

Collaboration

•            Work cross-functionally with development, engineering, and quality assurance teams

•            Participate in security reviews and design discussions

•            Foster a security-aware culture within the organization

Documentation

•            Maintain accurate records of incidents, investigations, and remediation efforts

•            Create and update security procedures, policies, playbooks, and guidelines

Continuous Improvement

•            Identify areas for process improvement within the PSIRT

•            Enhance incident response procedures and workflows

 

Requirements

•            Bachelor of Science in fields of computer science or engineering (or equivalent experience)

•            Understand common vulnerabilities and vulnerability databases: CVE, CWE, OWASP, etc.

•            Network protocol knowledge such as TCP/IP, DNS, HTTP/HTTPS and other fundamental protocols

•            Firewall and IDS/IPS knowledge, such as understanding network security devices and their configurations

•            Understanding of secure coding practices and integration of security practices into DevOps pipeline

•            Network solutions knowledge on IP Fabric (BFP, EVPN, VXLAN), transport technologies (BGP, MPLS/VPLS, Segment Routing), and Network Packet Broker Solutions

•            Ability to collaborate to develop an offering of exceptional design, quality, and experience and jointly improve our competitive advantage.

•            Experience with design or design research, and a history of building strong relationships with designers and engineers to deliver solutions that solve complex problems

•            Experience with vulnerability and compliance assessments

•            Must have strong planning and organizational skills

•            Ability to grasp complex concepts and be a big-picture thinker while maintaining strong attention to detail

•            Excellent communication and writing skills; accuracy and consistency are important

•            Ability to understand technical jargon and communicate easily to the average user and system engineers

•            Must be a US Citizen and resident in the US

•            Maintain confidentiality of information

•            Must be able to prioritize projects, maintaining a sense of urgency to meet deadlines.

•            Must possess the ability to follow verbal and written directions

•            Must be a self-starter and able to work well independently and in a team

•            Must be able to use critical thinking skills and judgment

•            Must be able to work positively and professionally with a wide range of personalities

 

Nice to have

•            Experience with development tools – Jira, GitHub, Artifactory

•            Experience with automation and integrations – Teams, Jira, Jenkins

•            Understanding and experience with coding languages – C/C++, Golang, Java, JavaScript, Python

•            Understanding of Secure Software Development Life Cycles (SDLC/SSDLC)

•            Security Certifications such as FIPS, Common Criteria, DoDIN APL

•            CISSP or equivalent security qualification


Extreme Networks, Inc. (EXTR) creates effortless networking experiences that enable all of us to advance. We push the boundaries of technology leveraging the powers of machine learning, artificial intelligence, analytics, and automation. Over 50,000 customers globally trust our end-to-end, cloud-driven networking solutions and rely on our top-rated services and support to accelerate their digital transformation efforts and deliver progress like never before. For more information, visit Extreme's website or follow us on Twitter, LinkedIn, and Facebook.


We encourage people from underrepresented groups to apply. Come Advance with us! In keeping with our values, no employee or applicant will face discrimination/harassment based on: race, color, ancestry, national origin, religion, age, gender, marital domestic partner status, sexual orientation, gender identity, disability status, or veteran status. Above and beyond discrimination/harassment based on “protected categories,” Extreme Networks also strives to prevent other, subtler forms of inappropriate behavior (e.g., stereotyping) from ever gaining a foothold in our organization. Whether blatant or hidden, barriers to success have no place at Extreme Networks.
