Job Details

As a product security engineer for Tableau you will uncover and triage vulnerabilities in our products and facilitate remediation. You will work closely with security researchers, internal stakeholders, and customers to evaluate the validity of reported security vulnerabilities. You will identify the risk these vulnerabilities present and assign a rating for remediation teams. Your work will encompass the full range of Tableau products. You will work with talented technical experts from various Tableau and Salesforce teams on a regular basis. Top contributors will enjoy the freedom to work with limited barriers and the experience of working with other talented and passionate information security professionals.

Responsibilities

• Confirm reported vulnerabilities in Tableau products

• Work closely with customers and security researchers to understand vulnerability reports

• Assess and measure the risk presented by vulnerabilities

• Measure exploitability of vulnerabilities based on mitigating controls

• Document proof of concept exploitation steps

• Research known vulnerabilities to reduce reporting duplicate findings

• Establish priority level for remediation with product development teams

• Establish proper team ownership for remediation activities

• Register finding and related information for proper tracking

• Direct investigations into previous exploitation of new findings

• Direct creation of detection technologies while remediation takes place

• Work with other teams to prepare responses for questions related to vulnerabilities

• Support teams responsible for approving external security assessment requests

• Perform research on new attacks and present new findings to both internal and external audiences

• Research new threats, attack vectors and risks

• Lead security assessment and threat modeling sessions

Qualifications

• B.S. / M.S. in Information Security, Computer Science, Electrical Engineering or related experience

• 3-5+ years work experience in an application security role

• In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25

• Experience in exploiting web and web services security vulnerabilities including cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks, and more

• A hacker's mindset and experience with popular penetration testing tools

Desired Skills and Credentials:

• Proficiency with Tableau products

• Secure code review experience (Java and C++)

• Experience with bug bounty programs

• Relevant Information security certifications. (GWAPT, GPEN, OSCP, OSCE, OSWE, CEH, CISSP, etc)

• Ability to self motivate when given strategic goals