Senior Product Security Engineer

The role: 

• As a Product Security Engineer at Newsela, you will play a pivotal role in ensuring the security of our SaaS products by designing and implementing security controls to protect sensitive data to prevent unauthorized access.
• Ensure compliance with relevant security standards, regulations, and industry certifications (e.g., SOC2, GDPR, HIPAA), while managing requirements gathering and remediation efforts for SOC2 and other security audits.
• Develop security-related documentation, such as policies, procedures, and control mappings, while participating in risk assessments and compliance reviews to identify areas for improvement.
• Champion security awareness and adherence to secure coding practices among development teams and provide guidance and support to internal stakeholders on security best practices and compliance requirements.
• You will work closely with our engineering teams to build advanced detection solutions to help keep systems and information safe and partner closely with our Legal team to conduct complex investigations.
• Collaborate with internal stakeholders and external partners, including vendors and customers, to respond to RFPs about product security and compliance.
• Lead investigations into security incidents by conducting root cause analysis and implementing corrective actions to prevent recurrence.
• Implement security controls and remediation activities to mitigate identified risks and vulnerabilities.
• Monitor and track compliance with security policies and standards, and report on findings to relevant stakeholders.

Why you’ll love this role:

• You’ll be part of an organization solving real challenges in K-12 education, and your role will directly impact Newsela’s product security. 
• Your work will shape the future of Newsela’s security practices for our products, which are loved by teachers nationwide, and you’ll work to protect sensitive data and prevent unauthorized access for our customers, teachers and students.
• Your expertise in identifying and mitigating security risks will be essential in safeguarding our customers' data and ensuring compliance with industry standards and regulations.
• Will you empower our developers to securely introduce new features.
• You will lead investigations into security incidents, conducting root cause analysis and implementing corrective actions to prevent recurrence.

Why you’re a great fit:

• 3+ years of experience as a Product Security Analyst, Product Security Engineer, or Security Engineer with proven experience in product security engineering and a focus on SaaS applications.
• Bachelor's degree in Computer Science, Information Security, or related field. Advanced degree or relevant certifications (e.g., CISSP, CISM, CSSLP) preferred.
• Experience working with vendors and customers to respond to RFPs about product security and compliance, and experience working in partnership with Software Development and Legal teams for security compliance.
• Experience with requirements and remediation for SOC2 and other security audits for software as a service.
• Demonstrated coding ability in Python and familiarity with cloud computing platforms (e.g., AWS, Azure, GCP), and associated security controls.
• Strong understanding of web application security concepts, including authentication, authorization, encryption, and secure coding practices.
• Hands-on experience with security tools and technologies, such as vulnerability scanners, penetration testing tools, and SIEM solutions.
• Strong analytical and problem-solving abilities, with a keen attention to detail and a proactive approach to security challenges.
• Proven capacity to assess system security, discern patterns, and delve into intricate issues.
• Proficiency in making data-driven, risk-based decisions.
• Results-driven approach with exceptional interpersonal and communication abilities to effectively engage with technical and non-technical stakeholders.
• Strong empathy towards our customers, including internal developers.