This position has been filled.
Product Security Architect
Lucidworks is shaping the future of digital experiences, AI, and machine learning by reimagining the power and value of search to create all-new, human-centered experiences. Our ambitious, empowered team is focused on helping our customers meet their loftiest goals. Fusion, our advanced development platform, gives these enterprises the capabilities to design, develop, and deploy intelligent search at any scale. Our roots are in Solr, the global search standard used by 90 percent of Fortune 500 companies, and our team includes leading search and discovery contributors and committers as well as many of the world’s foremost search and machine learning innovators. We’re serious about the impact of our products to catalyze results for our customers, and about building a team that delivers meaningful results across a growing worldwide community.
As the Product Security Architect, you will be responsible for ensuring that Lucidworks products meet a high standard of security and compliance. You will be responsible for defining policies and procedures as well as controls and tooling for product security initiatives. Additionally, you will conduct assessments and audits to measure compliance and performance against security goals. You will also assist sales and account teams with answering security questions from prospects and customers.
- Define security best practices and implementation guidance for containerized software deployments in Kubernetes.
- Establish best practices for the effective avoidance, identification, and resolution of security weaknesses in products, services, and related processes.
- Coordinate with CloudOps team members to ensure security best practices and vulnerability management of managed products.
- Engage with product teams as both advisor and contributing team member to enable building security into complex systems across the entire product lifecycle, including conducting security reviews and coordinating penetration testing.
- Partner with engineering teams in security activities during the product lifecycle, such as secure design reviews/threat modeling, security code reviews, security test planning, and component security hardening, to identify potential security weaknesses.
- Perform analysis and execute POV (Proof of Value) and POC (Proof of Concept) initiatives evaluating third-party and in-house security and compliance tools.
- Help implement Secure Software Development Lifecycle (SSDLC) practices and use automation where possible.
- Assist pre-sales teams in responding to security questions and concerns from prospects during the sales process.
Required Skills & Qualifications
- 3+ years of related experience
- Bachelor’s degree in a related software engineering field or equivalent experience; Master’s degree a plus.
- Container security experience with Docker and Kubernetes.
- Secure software/systems development lifecycle experience. Demonstrable knowledge and experience in multiple of the following areas: Software development, SDLC, dependency management, coding, and scripting skills.
- Strong familiarity with multiple common SCA, SAST, DAST, and IAST tools, e.g., OWASP, Synopsys, Qualys, SonarQube, JFrog Xray, Coverity, WhiteSource, Checkmarx, Veracode, Snyk, and similar.
- Application or system hardening, security testing/penetration testing, fuzzing, cloud security, cryptography, forensics, or reverse engineering.
- Knowledge of common security standards and best practices, such as NIST 800-53/800-160, ISO 270xx, CWE, CVSS, OWASP Top 10, CERT Secure Coding Standards.
- Prior or current involvement in industry security initiatives such as IETF, OWASP, ISO, CWE, BSIMM, Cloud Security Alliance, or any open-source project related to security.
- Experience with performing security requirements analysis to secure the deployment of large globally distributed cloud-based platforms.
Even better if you have:
- Experience with storage technologies such as GCS, and with networking: VPC, IDS/IPS, WPA, firewalls, reverse proxies, load balancers, security groups/lists.
- Experience with IT security frameworks such as NIST, ISO 27001, PCI DSS, FedRAMP
- Certified Software Security Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP) certification, SANS GIAC Certified Incident Handler (GCIH), or SANS GIAC Certified Penetration Tester (GPEN) or equivalent certification.
- One or more of the following certifications: AWS Certified Solutions Architect (professional), AWS Certified Security (Specialty), CSA Certificate of Cloud Security Knowledge (CCSK), ISC2 Certified Cloud Security Professional (CCSP), CISSP.
- Resourcefulness: willing to jump in, work with both opportunity and constraint, and leverage existing resources to accomplish goals
- Team player: confident in collaborating with a diverse community of people and personalities across geographies, backgrounds, and professional abilities
- Outstanding interpersonal and written communication skills
- Empathy and care for all stakeholders of Lucidworks, including employees, executives, customers, partners, and guests.