Lead Product Cyber Security Engineer

WHAT WE SEEK

The newly created role of Lead Product Cybersecurity Engineer will be responsible for the establishment, coordination, and adoption of cybersecurity practices across the entire product development lifecycle to achieve secure products and services. This role requires both hands-on security engineering and being a strategic partner across the engineering organization in all matters related to product cybersecurity. This person will work with multiple teams composed of developers, scrum leaders, quality engineers, site reliability engineers, and product owners to implement a SSDLC. In this role, you will be responsible for our product cybersecurity strategy and setting up a cybersecurity program to ensure the implementation of the strategy in our product portfolios.

WHAT YOUR DAY WILL LOOK LIKE

• Drive the product security roadmap toward a security development lifecycle
• Create policies, procedures and metrics to enforce secure SDLC
• Support cyber risk assessments and threat modeling,and the development of risk mitigation plans for new and existing products
• Participate in key projects as product cybersecuritys representative
• Implement cybersecurity requirements over the entire engineering life-cycle including: Requirements, Design, Development, Integration, Verification & Validation and Test
• Identify and recommend security-related training and development needs for Carnegie Learning staff
• Perform security assessments in Cloud environments (AWS)
• Use and customize commercial and open-source security assessment tools
• Develop advanced correlation rules, reports and dashboards to detect emerging threats in Cloud environments
• Have familiarity with reverse engineering tools, debuggers, and dynamic analysis techniques
• Have an understanding of application protocols, development, and common attack vectors
• Create/lead bug bounty program
• Create/Manage responsible disclosure program
• Static and Dynamic code analysis
• Select and manage third-party testing
• Respond to RFP
• Lead compliance efforts (GDPR, CCPA, FERPA, SOC2, etc)
• Automate network and application vulnerability testing
• Implement SIEM
• Implement and manage EDR tools
• Formalize and own IR processes.

WHAT SHOULD BE IN YOUR BACKPACK

• Bachelors Degree in Computer Science or equivalent years of experience
• 7+ years of experience in security engineering
• Practical work experience in implementing cybersecurity solutions in a product-based company
• Ability to provide leadership across multiple teams to illustrate strategy is reducing risk and meeting the needs of our customers
• Knowledge of multiple security tools and implementation of them within our SDLC process to remediate security vulnerabilities
• Expertise in data governance and compliance
• Excellent understanding of enterprise logging standards within cloud environments
• Experience with Cyber Table Top, Cooperative Vulnerability Assessments/Investigations, Adversarial Assessments, or other pen test and threat evaluation efforts
• Knowledge of the current threat landscape, including common attack types and malware capabilities
• Excellent communication skills

WHAT GIVES US PURPOSE

Carnegie Learning is a leading provider of K-12 education technology, curriculum, and professional learning solutions. With the highest quality, research-based offerings for K-12 math, ELA, world languages, and more, Carnegie Learning is changing the way we think about learning and creating powerful results for teachers and students alike. At Carnegie Learning we strive to create an environment where people want to work - one where the larger team comes first, where trying new things (and sometimes failing) is encouraged, and where we pursue our mission relentlessly.

Carnegie Learning is a major disruptive force in the digital curriculum market by combining world-class research, differentiated technology, best in class content together with a world-class mission-oriented team. This is where you come in! Are you ready to do the best work of your career and shape the future of learning?

WHAT WE PROVIDE

• Named a Pittsburgh Top Workplace five years in a row
• Medical, dental, and vision benefits
• Virtual health services
• Basic life and disability insurance is offered at no cost
• HSA, FSA, DCSA, and Commuter saving accounts
• 401k with company match
• Employee assistance program
• Pet and Legal services insurance
• Generous paid time off and holidays
• Variable compensation opportunities
• Business casual work environment
• Mission-driven culture
• Flexible working hours, leveraging remote capabilities

WHAT WE BELIEVE

We respect and celebrate the unique attributes, characteristics, and perspectives that make each person who they are. We also believe that bringing diverse individuals together allows us to collectively and more effectively address the issues that face our business and industry. Carnegie Learning is an Equal Opportunity Employer.