We are looking for a hands-on, driven and creative technical Director, Product Security Engineering to join our team and lead significant contributions to all stages of our Secure Development Lifecycle (SDL), including Software Supply Chain security.
The product teams’ engineers across Thomson Reuters hail from a broad range of backgrounds and experience levels. For this role, a successful candidate will have strong “engineering empathy” backed by top-notch expertise in application security, secure coding, supply chain security as well as development expertise (web services and APIs, front-end and back-end development) in order to reach our ambitious product security goals. Successful candidates will typically have strong analytical and organizational skills, have vast application security experience, and be able to lead a small team of talented engineers.
ABOUT THE ROLE
In this role as a Director, Product Security Engineering, you will…
Build a team of application security engineers and work directly with our other Product Security teams, BISOs and leverage synergies with our extended Information Security & Risk Management teams.
Provide expert application security advice to management and be a lead contributor to the Secure Development Lifecycle to be followed by all our product teams.
Engineer the framework through which technical components of our SDL come together to bring security as a frictionless engineering activity and track KPIs.
Lead our global software supply chain security program.
Participate in secure design discussions during threat modeling sessions, as well as participate in risk assessments.
Work closely with our Security Awareness team to provide first class interactive, targeted application security training to our engineers.
Set a high standard for engineering quality and execution that leads to high quality product security artifacts to secure our products’ SDLC.
Lead, retain, develop, hire and mentor high-performing and diverse teams across your organization.
Understand our company strategy and help guide our team’s direction to realize it.
ABOUT YOU
You are a fit for the role of Director, Product Security Engineering if you meet the below qualifications:
3+ years of management experience as an application security tech lead or manager to accomplish organizational security goals.
8+ years of hands-on security engineering or application security experience.
You fully understand the entire Secure Development Lifecycle and can articulate an engineering centric plan to execute on to meet our goal.
Have been around the block for all things SAST, DAST and SCA and you are able to cut through the noise and the true positives.
You’re at ease with git related workflows, and can script yourself if needed, even if you’re rusty. Javascript, Python, Golang would be great.
You can lead on a threat model session.
Proficiency in building secure CI/CD pipelines. All things as-code mindset to expand to security teams.
Experience in secrets management.
Ability to manage and prioritize multiple tasks and projects and assist/advise your engineers in establishing appropriate priorities
In-depth understanding of software development methodologies and a demonstrated ability to instil security in them.
A desire to remain technical and understand exactly how some implementation details work.
Excellent communication and coaching skills
Experience in leading with agile development practices, e.g., Scrum & Kanban
Preferred Qualifications:
Bachelor’s or Master’s degree in Computer Science preferred
WHAT'S IN IT FOR YOU
At Thomson Reuters, our people are our greatest assets. Here are some of the benefits we offer:
Benefits: Healthcare Plan, Pension Plan, Employee Stock Purchase Plan, 25 Days Annual Leave and Sports Benefits
Get a 360° view of Thomson Reuters: Our Enterprise Centre in Zug is a microcosm of the entire corporation, giving employees who work here:
Accelerated growth in cross-business knowledge
A rich internal network, including senior leadership representing all customer segments and functions
Quality of life: Our employees enjoy an exceptional quality of life in Zug thanks to its Beautiful Scenery, Accessibility, Diversity and Rich Culture
Do you want to be part of a team helping re-invent the way knowledge professionals work? How about a team that works every day to create a more transparent, just and inclusive future? At Thomson Reuters, we’ve been doing just that for almost 160 years. Our industry-leading products and services include highly specialized information-enabled software and tools for legal, tax, accounting and compliance professionals combined with the world’s most global news services – Reuters. We help these professionals do their jobs better, creating more time for them to focus on the things that matter most: advising, advocating, negotiating, governing and informing.
We are powered by the talents of 25,000 employees across more than 75 countries, where everyone has a chance to contribute and grow professionally in flexible work environments that celebrate diversity and inclusion. At a time when objectivity, accuracy, fairness and transparency are under attack, we consider it our duty to pursue them. Sound exciting? Join us and help shape the industries that move society forward.
Accessibility
As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.
We also make reasonable accommodations for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law.
More information about Thomson Reuters can be found on thomsonreuters.com.