Product Security Engineer

2 Weeks ago • 3 Years +

Job Summary

Job Description

This role involves being a Product Security Incident Response Team (PSIRT) member, focusing on product incident response processes, scanning, and oversight. The responsibilities include understanding and analyzing public vulnerabilities, prioritizing them for resolution, and collaborating with cross-functional teams to safeguard products. The role also includes managing vulnerability lifecycles, interpreting customer requests, monitoring communication during incidents, validating engineering responses, working with teams for remediation, investigating security incidents, and drafting security advisories. It requires staying informed about emerging threats, contributing to threat modeling, and documenting incidents. The role will also involve overseeing product vulnerability scanning, assessing the impact of vulnerabilities and developing mitigation strategies.
Must have:
  • Understanding of CVE/CVSS frameworks and vulnerability databases.
  • Knowledge of network protocols (TCP/IP, DNS, HTTP/HTTPS)
  • Knowledge of Firewall and IDS/IPS.
  • Understanding of secure coding practices.
  • Strong planning and organizational skills.
  • Excellent communication and writing skills.
Good to have:
  • Experience with development tools like Jira and GitHub.
  • Experience with automation and integrations (Teams, Jira, Jenkins)
  • Experience with coding languages (C/C++, Golang, Java, JavaScript, Python)
  • Understanding of Secure Software Development Life Cycles (SDLC/SSDLC)
  • Security Certifications such as FIPS, Common Criteria, DoDIN APL
  • CISSP or equivalent security qualification.

Job Details

Over 50,000 customers globally trust our end-to-end, cloud-driven networking solutions. They rely on our top-rated services and support to accelerate their digital transformation efforts and deliver unprecedented progress. With double-digit growth year over year, no provider is better positioned to deliver scalable outcomes than Extreme.


Inclusion is one of our core values and in our DNA. We are committed to fostering an inclusive workplace that embraces our differences and creates an atmosphere where all our employees thrive because of their differences, not in spite of them.


Become part of Something big with Extreme! As a global networking leader, learn why there’s no better time to join the Extreme team.


Extreme Networks is seeking a Product Security Incident Response Team (PSIRT) member to join the Information Security team to support the Product Incident Response process and product scanning and oversight. The role will be supporting Extreme as we continue to support our customers, both in terms of product support and managing the lifecycle of vulnerability resolutions.

 

The successful candidate for this position will need to:

•            Be able to understand and analyze publicly disclosed vulnerabilities, distilling them down to determine any possible impact

•            Prioritize vulnerabilities and their handling from reporting to resolution

•            Play a pivotal role in safeguarding our organization’s products and services against security threats. You will collaborate with cross-functional teams, respond to security incidents, and contribute to the overall security posture of our offerings

 

Main Responsibilities:

Product Incident Response Team

•            Lifecycle management of a vulnerability from inquiry to validation of remediation

•            Interpret customer requests and publicly disclosed vulnerabilities to as they relate to Extreme products

•            Monitor, manage, and track internal communication per incident process

•            Interpretation of technical engineering responses for validity

•            Work with engineering and product teams to understand issues, validate responses, and roll-out of remediation plans

Incident Response

•            Investigate and respond to security incidents related to our products

•            Analyze vulnerabilities, exploits, and threats

•            Coordinate with internal teams and external partners during a reported incident until resolution

Product Vulnerability Management

•            Oversee product vulnerability scanning for a range of Extreme products

•            Assess the potential impact of vulnerabilities on our products

•            Validate scan results to develop mitigation strategies

•            External vulnerability oversight to include interpreting cyber score reports

•            Work cross-functionally to remediate finding on vulnerability reports

Security Advisories and Communications

•            Draft timely and accurate security advisories for affected products

•            Monitor security advisories and vulnerability databases

•            Communicate security-related information to customers, partners, and stakeholders

•            Maintain transparency and provide timely updates during incidents

Threat Intelligence

•            Stay informed about emerging threats and attack techniques

•            Collaborate with threat intelligence teams to enhance our defenses

•            Contribute to threat modeling and risk assessments

•            External vulnerability oversight

Collaboration

•            Work cross-functionally with development, engineering, and quality assurance teams

•            Participate in security reviews and design discussions

•            Foster a security-aware culture within the organization

Documentation

•            Maintain accurate records of incidents, investigations, and remediation efforts

•            Create and update security procedures, policies, playbooks, and guidelines

Continuous Improvement

•            Identify areas for process improvement within the PSIRT

•            Enhance incident response procedures and workflows

 

Requirements

•            Bachelor of Science in fields of computer science or engineering (or equivalent experience)

•            Understand common vulnerabilities and vulnerability databases: CVE, CWE, OWASP, etc.

•            Network protocol knowledge such as TCP/IP, DNS, HTTP/HTTPS and other fundamental protocols

•            Firewall and IDS/IPS knowledge, such as understanding network security devices and their configurations

•            Understanding of secure coding practices and integration of security practices into DevOps pipeline

•            Network solutions knowledge on IP Fabric (BFP, EVPN, VXLAN), transport technologies (BGP, MPLS/VPLS, Segment Routing), and Network Packet Broker Solutions

•            Ability to collaborate to develop an offering of exceptional design, quality, and experience and jointly improve our competitive advantage.

•            Experience with design or design research, and a history of building strong relationships with designers and engineers to deliver solutions that solve complex problems

•            Experience with vulnerability and compliance assessments

•            Must have strong planning and organizational skills

•            Ability to grasp complex concepts and be both a big picture thinker and maintain a strong attention to detail

•            Excellent communication and writing skills; accuracy and consistency are important

•            Ability to understand technical jargon and communicate easily to the average user and system engineers

•            Must be a US Citizen and resident in the US

•            Maintain confidentiality of information

•            Must be able to prioritize projects, maintaining a sense of urgency to meet deadlines.

•            Must possess the ability to follow verbal and written directions

•            Must be a self-starter and able to work well in independently and in Team

•            Must be able to use critical thinking skills and judgment

•            Must be able to work positively and professionally with a wide range of personalities

 

Nice to have

•            Experience with development tools – Jira, GitHub, Artifactory

•            Experience with automation and integrations – Teams, Jira, Jenkins

•            Understanding and experience with coding languages – C/C++, Golang, Java, JavaScript, Python

•            Understanding of Secure Software Development Life Cycles (SDLC/SSDLC)

•            Security Certifications such as FIPS, Common Criteria, DoDIN APL

•            CISSP or equivalent security qualification


Extreme Networks, Inc. (EXTR) creates effortless networking experiences that enable all of us to advance. We push the boundaries of technology leveraging the powers of machine learning, artificial intelligence, analytics, and automation. Over 50,000 customers globally trust our end-to-end, cloud-driven networking solutions and rely on our top-rated services and support to accelerate their digital transformation efforts and deliver progress like never before. For more information, visit Extreme's website or follow us on Twitter, LinkedIn, and Facebook.


We encourage people from underrepresented groups to apply. Come Advance with us! In keeping with our values, no employee or applicant will face discrimination/harassment based on: race, color, ancestry, national origin, religion, age, gender, marital domestic partner status, sexual orientation, gender identity, disability status, or veteran status. Above and beyond discrimination/harassment based on “protected categories,” Extreme Networks also strives to prevent other, subtler forms of inappropriate behavior (e.g., stereotyping) from ever gaining a foothold in our organization. Whether blatant or hidden, barriers to success have no place at Extreme Networks.

Similar Jobs

Crowd Strick - Analyst I, Falcon Complete

Crowd Strick

(Remote)
1 Day ago
Tesla - Security Operations Center (SOC) Operator

Tesla

Milton Keynes, England, United Kingdom (On-Site)
3 Months ago
GameJobs - Live Ops Analyst

GameJobs

Seoul, South Korea (On-Site)
1 Year ago
Zscaler - Staff Threat Researcher

Zscaler

Pune, Maharashtra, India (On-Site)
1 Week ago
AGS - American Gaming Systems - Lead DevSecOps Engineer

AGS - American Gaming Systems

Georgia (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

Flexra Software - Security Operations Engineer

Flexra Software

Bengaluru, Karnataka, India (Hybrid)
2 Weeks ago
Philips - Sr. Information Security Manager

Philips

Eindhoven, North Brabant, Netherlands (On-Site)
1 Week ago
Jane Street - Cybersecurity Analyst

Jane Street

Hong Kong (On-Site)
1 Week ago
Sabre India - Principal Software Engineer - Revenue Optimzier

Sabre India

Kraków, Lesser Poland Voivodeship, Poland (Hybrid)
2 Weeks ago
Outbrain - DevOps Security Engineer

Outbrain

Netanya, Center District, Israel (Hybrid)
1 Week ago
OtherSide Entertainment - Senior DevOps Engineer

OtherSide Entertainment

United States (Remote)
1 Month ago
Thatgamecompany - Senior DevOps Engineer (LiveOps)

Thatgamecompany

Shanghai, Shanghai, China (On-Site)
1 Month ago
Google - Senior Digital Forensics Incident Response Consultant

Google

Los Angeles, California, United States (On-Site)
2 Weeks ago
Google - Senior Digital Forensics Incident Response Consultant

Google

Los Angeles, California, United States (On-Site)
4 Weeks ago
Varonis Internal - Senior MDR Analyst (Level 3)

Varonis Internal

Herzliya, Tel Aviv District, Israel (Hybrid)
4 Weeks ago

Get notifed when new similar jobs are uploaded

Jobs in Raleigh, North Carolina, United States

Square Enix - Operations Support, Night Agent

Square Enix

El Segundo, California, United States (On-Site)
1 Month ago
Veeam Software - Inside Sales Representative, Commerical

Veeam Software

Alpharetta, Georgia, United States (On-Site)
2 Weeks ago
GameJobs - Machine Learning Security Intern

GameJobs

Los Angeles, California, United States (On-Site)
2 Weeks ago
GameChanger  - Product Design Manager, Monetization

GameChanger

United States (Remote)
1 Month ago
Rockstar Games - Manager, Data Engineering

Rockstar Games

New York, New York, United States (On-Site)
5 Months ago
Loft Orbital - Flight Dynamics Software Engineer

Loft Orbital

San Francisco, California, United States (Hybrid)
10 Months ago
Epic Games - Senior Designer

Epic Games

United States (On-Site)
3 Months ago
Google - ASIC Design Verification Engineer, TPU Compute

Google

Sunnyvale, California, United States (On-Site)
4 Weeks ago
Fluence - Sales Engineer/Senior Sales Engineer - Battery Energy Storage

Fluence

San Francisco, California, United States (Hybrid)
7 Months ago
The Walt Disney Company - Theater Host

The Walt Disney Company

Los Angeles, California, United States (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Similar Category Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

About The Company

Bengaluru, Karnataka, India (Hybrid)

Raleigh, North Carolina, United States (Hybrid)

Tokyo, Japan (Hybrid)

Bengaluru, Karnataka, India (Hybrid)

Bengaluru, Karnataka, India (Hybrid)

Bengaluru, Karnataka, India (Hybrid)

View All Jobs

Get notified when new jobs are added by Extreme Network

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug