Governance Product Security Engineer
You will work with developers to determine the best ways of integrating security assurance practices into their development workflows.
You will have the opportunity to contribute and innovate in emerging areas requiring security assurance.
You will work with stakeholders in Intel Product Assurance and Security (IPAS) to ensure the appropriate security assurance requirements are established in our security polices, enforced, and communicated in our security practices.
You will be responsible to provide support to the Governance team by providing insights on the Security Development Lifecycle (SDL) quality of execution, Product Security Expert (PSE) knowledge sharing and clear security assurance practices.
You will collaborate with engineers, consultants, and leadership to address security risks and provide mitigation recommendations within the SDL.
Ability to work effectively in situations involving ambiguity or lack of information.
Ability to independently set and achieve objectives working with others across teams and organizations.
Self-motivated individual capable of setting goals that are in-line with the larger organization.
Strong interpersonal, oral, and written communication skills.
Excellent documentation skills.
Experience mentoring others and desire to engage technically.
Experience technically influencing and consulting on projects with management of competing goals.
Minimum qualifications are required to be initially considered for this position. Preferred qualifications are in addition to the minimum requirements and are considered a plus factor in identifying top candidates.
BS/MS Electrical Engineering, BS/MS Computer Engineering, BS/MS Computer Architecture, BS/MS Computer Science, or equivalent degree
7+ years of experience working within product development with 4+ years of demonstrable product security experience and 5+ years of experience in the following:
Ability to comprehend the implications of security trade-offs in the face of threats, attacks and/or vulnerabilities
Cloud deployment experience, cloud services and support.
Expertise with the SDL in specific areas of threat modeling, security validation strategy and planning, architecture reviews, design reviews and implementation reviews.
Background as a cloud security architect, security validator or security researcher is preferred.
Support as needed in threat modelling and preparation for review at the Security Architects Forum (SAFE) and the disposition of architectural issues identified
Has thorough understanding of security assurance dependencies and best practices relative to third-party (open source or 3PIP). Understands what resources are available and capabilities that can be tapped to assist teams in closing implementation issues. Understands what the appropriate security tools are for their domain and has functional understanding of how and when to use (static and dynamic analysis tools, fuzzing tools, register tools, etc.).
Supports, as necessary, the disposition of security issues or vulnerabilities identified.