Product Security Specialist
Basis:
Permanent - Full-time
Area of Interest:
Technical Operations
Location:
Oakville, Ontario
Who we are
Who you are:
We are always looking for amazing talent who can contribute to our growth and deliver results! Geotab is seeking a Product Security Specialist who will review existing/new/proposed products with a variety of source code, dynamic and dependency scanners, manual code reviews and security-based architecture reviews as required. If you love technology, and are keen to join an industry leader — we would love to hear from you!
What you'll do:
As a Product Security Specialist your key area of responsibility will be validating scanner findings by tracing source code for a variety of code bases and provides developer level suggestions for code remediation. You will need to work closely with technical and non technical stakeholders to evaluate results of risk assessments.
To be successful in this role you will be a self-starter with strong written and verbal communication skills, and have the ability to quickly understand complex, technical concepts. In addition, the successful candidate will be able to work well under pressure and respond to fast changing priorities and deadlines.. The successful candidate will also be highly organized and able to manage multiple tasks and projects simultaneously.
How you'll make an impact
- Review existing/new/proposed products with a variety of source code, dynamic and dependency scanners, manual code reviews and security-based architecture reviews as required
- Manually validates scanner findings by tracing source code for a variety of code bases (C#, .net, Java, js/ts/html, swift, kotlin, python, C, firmware) (Not all Required) and provides developer level suggestions for code remediation.
- Explain risk assessments at both the developer (technical) and management (Non technical) levels.
- Write and maintain scripts/code (bash and python) to generate scan input packages, automate security scanner execution and integrate scanners with CI pipelines and Google Cloud storage and reporting mechanisms.
- Update scanning scripts quickly, and refactor as needed.
- Contribute to secure coding standards (involves developing secure coding training for current and future developers).
- Perform technical writing of assessment reports and vulnerability descriptions for product owners and developers.
- Look at the bigger picture and question whether the coverage is sufficient, and if not make recommendations to address coverage gaps.
- Follow through to prevent things falling through the cracks. Prioritizes work that benefits the team. Escalates issues in a timely manner.
- Support Geotab global strategic initiatives.
What you'll bring to the role
- 3-5+ years of experience with security evaluation/analysis and security code reviews or relevant development experience
- Bachelor’s degree in Computer Science, Information Management, Engineering or a related field
- Security certifications highly preferred (OSCP,OSWA,OSWE)
- Experience using source code, dynamic and dependency scanners (e.g. Veracode, Fortify, Sentinel, owasp dependency, NetSparker, Qualys etc.)
- Knowledge of programming languages; web service technologies; dependency package managers, and how they are specified in code.
- Able to dive deeply into convoluted or difficult code to evaluate the validity of potential vulnerabilities.
- Competent with Linux, Windows, GCE, bash, python.
Why job seekers choose Geotab
Flex working arrangements
Home office reimbursement program
Baby bonus & parental leave top up program
Online learning and networking opportunities
Electric vehicle purchase incentive program
Competitive medical and dental benefits
Retirement savings program
*The above are offered to full-time permanent employees only