M+E Technology Job Board

Senior Product Security Analyst

OpenText

You will be responsible for the coordination and internal triage of externally and internally reported security vulnerabilities related to OpenText’s portfolio of software products, with a goal to decrease the overall timelines of resolution.

You are great at:

• You will design and maintain a formal Threat & Vulnerability Management Program that defines the vulnerability priorities aligned with business criticality, aligned with our Product Security Assurance Program;
• You will perform vulnerability data analysis and investigation to assess the severity and risk that reported vulnerabilities and threats pose to OpenText’s products and solutions, and more importantly, to the customers who rely on these products and solutions;
• You will drive daily routine threat and vulnerability management tasks as required;
• You will obtain a strong understanding of OpenText’s product portfolio and organizational structure, and frequently communicate and build relationships with key stakeholders, internal teams and departments, external customers and security researchers;
• You will work extensively with defect tracking / issue management tools and solutions;
• You will stay up-to-date with application security related news, threats and issues, by scouring public blogs and vulnerability disclosure databases, continually and pro-actively looking for threats affecting OpenText’s products and solutions;
• You will design, champion and maintain any official Responsible Disclosure initiatives and programs triggered by the organization;
• You will produce clear, concise reports to management, maintain reporting dashboards, and most importantly, be able to answer the status of any threat or vulnerability at any given point-in-time;
• You will lead long-term projects and initiatives relating to threat and vulnerability management, with a goal to automate and improve operational efficiency;
• You will mentor less senior product security analysts as required.

What it takes:

• You have in-depth knowledge / experience with Threat and Vulnerability Management / Coordination / Security Alerting / Incident Response / Patch & Release Management;
• You have a good understanding of application layer security aspects and technologies, web services / RESTful APIs, web servers, and databases, as well as related industry standard best practice application security controls, requirements, specifications and features;
• You are well organized and proactive, analytical, and have excellent writing and communication skills, with a commitment to quality and a thorough approach to work;
• You have strong influencing and negotiation skills which will help you convince stakeholders on the importance of resolving security issues promptly;
• You have experience with writing technical documentation, and ideally with writing security related alerts and advisories;
• You have the ability to multitask in a very fast paced working environment;

Desired Experience / Education / Certifications:

• 5+ years of experience in vulnerability management or incident handling / response, in a software development or support, or a similar software security related role;
• B.E./B.Tech/Bachelors of Computer Science or college diploma with security related certifications;
• General information security related certifications, (e.g. CISSP, CISM, GSEC, CCSP, etc.) are beneficial