Member of Technical Staff Product Security

ABOUT WIND

RIVERWind River is a global leader in delivering software for mission-critical intelligent systems. For more than four decades, the company has been an innovator and pioneer, powering billions of systems that require the highest levels of security, safety, and reliability.

Wind River helps customers across automotive, aerospace, defense, industrial, medical, and telecommunications industries solve complex technology challenges on their journey toward the new intelligent machine economy. The company's software powers generation after generation of the safest, most secure systems in the world. Examples include playing a key role in NASA space missions such as Artemis I, the James Webb Space Telescope, and multiple Mars rovers. We've achieved recent 5G milestones including the world's first successful 5G data session with Verizon and building one of the largest Open RAN networks in the world with Vodafone.

The company has received industry recognition for its technology innovation and leadership, and for its workplace culture, including global Great Place to Work certification and being named a "Top Workplace" for ten consecutive years. If you want to be part of a unique culture where the lived experience is based on our cultural attributes of growth mindset, customer-focus, and diversity, equity, inclusion & belonging, come join us and help advance the future software defined world. YOUR ROLEAs a Member of Technical Staff on our team, you'll focused on implementing modern DevSecOps technologies, pioneering new security tools, processes and capabilities for cloud-native solutions.

The candidate must have experience in securing cloud-native development environments and be a highly adaptable team player who can quickly ramp up on new technologies and accomplish goals in a fast-paced agile environment. A combination of strong technical and communication skills is a must, along with an unbounded desire to learn new technologies and their application.

In your daily job you will:

Secure application on OnPrem and Public Cloud environments leveraging IACEstablish, implement security policies for Docker, K8s and Public Cloud PlatformsImplement and automate Application Security policies by embedding

SAST, DAST, API

Security and Penetration Testing in the product development workflowAccelerate container security with pipeline developmentDrive vulnerability management and remediation in partnership with various product teamsManage and maintain secure integrations between tools like Gitlab, Jenkins, JIRA, and many more.

Implement solutions for event log collection and

SIEM. HOW YOU WILL

CONTRIBUTEKey skills and competencies for succeeding in this role are:

Expertise in Application Security , network design, back-end security-enhancing featuresDeep knowledge of application vulnerability management, remediation, and troubleshooting skillsHands-on experience using tools like Coverity, BurpSuite, ZAP, Trivy, PRISMA Cloud, Tenable, Rapid7 etc.

Excellent programming skills using Python, Go etc.

Proficiency in pipeline automation leveraging Gitlab, Jenkins, Jira etc.

Strong foundation of DevSecOps principles, Infrastructure as Code including Terraform and Helm, Container and Cluster hardeningSecurity penetration testing & threat modelling would be a plus.

Good exposure to cybersecurity principles with a desire to increase knowledgeExperience in Architecting and delivering security features on cloud providers (Azure

AWS, GCP

etc.), On Prem and Hybrid environments.

Industry standards-based documentation, certification, and accreditation such as

NIST SP 800-53, NIST

800-171, FEDRAMP, and Security Technical Implement Guides (STIGs) and bringing components into compliance with these standardsSecrets Management leveraging Hashicorp Vault is a plusExperience with Agile and ScrumSelf-managed, fast learner, and strong problem-solving and analytical skills.

Excellent verbal and written communication skills and a good listener.

Exceptional team player who works well in collaborative situations.

Ability to brainstorm and represent competing ideas simultaneously.

Growth mindset who is passionate about learning and applying new technologies.8+ years of relevant technical experience in cybersecurity with 2+ years of experience in software engineering.

BS / MS degree (Computer Science, Electronics Engineering, or equivalent technical degree)

SECURITY CLEARANCE REQUIREMENTS

Successful candidates must engage in a security clearance process in regard to their citizenship in order to perform fundamental job duties, as per applicable law. In particular, candidates with certain citizenship may not be able to perform such fundamental job duties. Currently, this includes citizens of the following countries: Belarus; Burma; China; Cuba; Iran; North Korea; Syria; Venezuela; Afghanistan; Cambodia; Central African Republic; Cyprus; Democratic Republic of Congo; Ethiopia; Eritrea; Haiti; Iraq; Lebanon; Libya; Russia; Somalia; South Sudan; Sudan; Zimbabwe. The security clearance process may take a significant amount of time to complete, and any offer of employment will be contingent on the candidate's legal ability to perform the fundamental job duties. Wind River is committed to meeting its obligations to candidates under applicable human rights law and privacy law in this regard. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. CompensationThe annual base salary range for... For full info follow application link. We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.