Product Security Engineer

Over 50,000 customers globally trust our end-to-end, cloud-driven networking solutions. They rely on our top-rated services and support to accelerate their digital transformation efforts and deliver unprecedented progress. With double-digit growth year over year, no provider is better positioned to deliver scalable outcomes than Extreme.

Inclusion is one of our core values and in our DNA. We are committed to fostering an inclusive workplace that embraces our differences and creates an atmosphere where all our employees thrive because of their differences, not in spite of them.

Become part of Something big with Extreme! As a global networking leader, learn why there’s no better time to join the Extreme team.

Extreme Networks is seeking a Product Security Incident Response Team (PSIRT) member to join the Information Security team to support the Product Incident Response process and product scanning and oversight. The role will be supporting Extreme as we continue to support our customers, both in terms of product support and managing the lifecycle of vulnerability resolutions.

The successful candidate for this position will need to:

•            Be able to understand and analyze publicly disclosed vulnerabilities, distilling them down to determine any possible impact

•            Prioritize vulnerabilities and their handling from reporting to resolution

•            Play a pivotal role in safeguarding our organization’s products and services against security threats. You will collaborate with cross-functional teams, respond to security incidents, and contribute to the overall security posture of our offerings

Main Responsibilities:

Product Incident Response Team

•            Lifecycle management of a vulnerability from inquiry to validation of remediation

•            Interpret customer requests and publicly disclosed vulnerabilities to as they relate to Extreme products

•            Monitor, manage, and track internal communication per incident process

•            Interpretation of technical engineering responses for validity

•            Work with engineering and product teams to understand issues, validate responses, and roll-out of remediation plans

Incident Response

•            Investigate and respond to security incidents related to our products

•            Analyze vulnerabilities, exploits, and threats

•            Coordinate with internal teams and external partners during a reported incident until resolution

Product Vulnerability Management

•            Oversee product vulnerability scanning for a range of Extreme products

•            Assess the potential impact of vulnerabilities on our products

•            Validate scan results to develop mitigation strategies

•            External vulnerability oversight to include interpreting cyber score reports

•            Work cross-functionally to remediate finding on vulnerability reports

Security Advisories and Communications

•            Draft timely and accurate security advisories for affected products

•            Monitor security advisories and vulnerability databases

•            Communicate security-related information to customers, partners, and stakeholders

•            Maintain transparency and provide timely updates during incidents

Threat Intelligence

•            Stay informed about emerging threats and attack techniques

•            Collaborate with threat intelligence teams to enhance our defenses

•            Contribute to threat modeling and risk assessments

•            External vulnerability oversight

Collaboration

•            Work cross-functionally with development, engineering, and quality assurance teams

•            Participate in security reviews and design discussions

•            Foster a security-aware culture within the organization

Documentation

•            Maintain accurate records of incidents, investigations, and remediation efforts

•            Create and update security procedures, policies, playbooks, and guidelines

Continuous Improvement

•            Identify areas for process improvement within the PSIRT

•            Enhance incident response procedures and workflows

Requirements

•            Bachelor of Science in fields of computer science or engineering (or equivalent experience)

•            Understand common vulnerabilities and vulnerability databases: CVE, CWE, OWASP, etc.

•            Network protocol knowledge such as TCP/IP, DNS, HTTP/HTTPS and other fundamental protocols

•            Firewall and IDS/IPS knowledge, such as understanding network security devices and their configurations

•            Understanding of secure coding practices and integration of security practices into DevOps pipeline

•            Network solutions knowledge on IP Fabric (BFP, EVPN, VXLAN), transport technologies (BGP, MPLS/VPLS, Segment Routing), and Network Packet Broker Solutions

•            Ability to collaborate to develop an offering of exceptional design, quality, and experience and jointly improve our competitive advantage.

•            Experience with design or design research, and a history of building strong relationships with designers and engineers to deliver solutions that solve complex problems

•            Experience with vulnerability and compliance assessments

•            Must have strong planning and organizational skills

•            Ability to grasp complex concepts and be both a big picture thinker and maintain a strong attention to detail

•            Excellent communication and writing skills; accuracy and consistency are important

•            Ability to understand technical jargon and communicate easily to the average user and system engineers

•            Must be a US Citizen and resident in the US

•            Maintain confidentiality of information

•            Must be able to prioritize projects, maintaining a sense of urgency to meet deadlines.

•            Must possess the ability to follow verbal and written directions

•            Must be a self-starter and able to work well in independently and in Team

•            Must be able to use critical thinking skills and judgment

•            Must be able to work positively and professionally with a wide range of personalities

Nice to have

•            Experience with development tools – Jira, GitHub, Artifactory

•            Experience with automation and integrations – Teams, Jira, Jenkins

•            Understanding and experience with coding languages – C/C++, Golang, Java, JavaScript, Python

•            Understanding of Secure Software Development Life Cycles (SDLC/SSDLC)

•            Security Certifications such as FIPS, Common Criteria, DoDIN APL

•            CISSP or equivalent security qualification

Extreme Networks, Inc. (EXTR) creates effortless networking experiences that enable all of us to advance. We push the boundaries of technology leveraging the powers of machine learning, artificial intelligence, analytics, and automation. Over 50,000 customers globally trust our end-to-end, cloud-driven networking solutions and rely on our top-rated services and support to accelerate their digital transformation efforts and deliver progress like never before. For more information, visit Extreme's website or follow us on Twitter, LinkedIn, and Facebook.

We encourage people from underrepresented groups to apply. Come Advance with us! In keeping with our values, no employee or applicant will face discrimination/harassment based on: race, color, ancestry, national origin, religion, age, gender, marital domestic partner status, sexual orientation, gender identity, disability status, or veteran status. Above and beyond discrimination/harassment based on “protected categories,” Extreme Networks also strives to prevent other, subtler forms of inappropriate behavior (e.g., stereotyping) from ever gaining a foothold in our organization. Whether blatant or hidden, barriers to success have no place at Extreme Networks.