Application Security Engineer / Product Security Engineer
Job Details
As a product security engineer for Tableau, you will uncover and triage vulnerabilities in our products and facilitate remediation. You will work closely with security researchers, internal stakeholders, and customers to evaluate the validity of reported security vulnerabilities. You will identify the risk these vulnerabilities present and assign a rating for remediation teams. Your work will encompass the full range of Tableau products. You will work with talented technical experts from various Tableau and Salesforce teams on a regular basis. Top contributors will enjoy the freedom to work with limited barriers and the experience of working with other talented and passionate information security professionals.
Responsibilities
Confirm reported vulnerabilities in Tableau products
Work closely with customers and security researchers to understand vulnerability reports
Assess and measure the risk presented by vulnerabilities
Measure exploitability of vulnerabilities based on mitigating controls
Document proof of concept exploitation steps
Research known vulnerabilities to reduce reporting of duplicate findings
Establish priority level for remediation with product development teams
Establish proper team ownership for remediation activities
Register finding and related information for proper tracking
Direct investigations into previous exploitation of new findings
Direct creation of detection technologies while remediation takes place
Work with other teams to prepare responses for questions related to vulnerabilities
Support teams responsible for approving external security assessment requests
Perform research on new attacks and present new findings to both internal and external audiences
Research new threats, attack vectors and risks
Lead security assessment and threat modeling sessions
Qualifications
B.S. / M.S. in Information Security, Computer Science, Electrical Engineering or related experience
3-5+ years work experience in an application security role
In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25
Experience in exploiting web and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks, and more
A hacker's mindset and experience with popular penetration testing tools
Desired Skills and Credentials:
Proficiency with Tableau products
Secure code review experience (Java and C++)
Experience with bug bounty programs
Relevant information security certifications (GWAPT, GPEN, OSCP, OSCE, OSWE, CEH, CISSP, etc.)
Ability to self-motivate when given strategic goals