Description
Tyler Technologies is seeking a passionate, talented Senior Product Security Engineer to support our Data and Insights (D&I) solutions on the Security team. This position is an exciting opportunity to influence the security posture of our D&I portfolio, augment our development processes with security-centric activities, and maintain our FedRAMP Moderate ATO. As a Senior Product Security Engineer, you will work in a fast-paced, results-driven environment with highly skilled and dedicated teams committed to transformational change.
The D&I solution serves as Tyler Technologies' central hub for data, reporting, analytics, and artificial intelligence capabilities. Our teams build and maintain the foundational services and solutions that enable data-driven innovation across Tyler's product portfolio. We empower teams throughout the organization to incorporate advanced analytics, AI, and data-driven features into their products, ultimately helping government agencies make better decisions and serve their communities more effectively. Team members contribute their expertise to reduce complexity, introduce innovative solutions, and advance Tyler's data-driven future.
Responsibilities
- Conduct bi-weekly DAST assessments against our production environments. Investigate and report results. Collaborate with engineering for awareness and remediation. Develop and execute a DAST improvement plan that includes tool migration and automation.
- Coordinate, reproduce, and validate reported security findings from clients, cross-team researchers, and third-party penetration testers.
- Monitor and investigate inbound application and infrastructure security alerts.
- Manage an active bug bounty program. Develop and execute an improvement plan that elevates researcher interaction and general program involvement.
- Assume primary responsibility for control families that contribute to our FedRAMP Moderate, SOC2, GDPR, HIPAA, and CJIS certifications. Responsibility includes continuous improvements and auditing, evidence collection and submission, interview participation, internal security reviews, and tabletop exercises.
- Participate in security strategy and planning, including team vision, roadmaps, and increment planning.
- Coach and collaborate with team members to normalize security best practices and measure them through a maturity model.
- Participate in engineering team meetings, facilitating secure design through instrumenting threat modeling.
- Investigate, document, and resolve security incidents (IRP and ISCP) and provide analysis to senior leadership.
- Stay informed about emerging security trends and technologies. Create and deliver security training and awareness programs for developers, testers, and other stakeholders.
Qualifications
Soft Skills
- Strong organization and prioritization skills. A proven ability to react positively and decisively to change
- Superior verbal and written communication skills, with the ability to communicate complex technical solutions to non-technical audiences
- Deadline-driven, team-oriented self-starter with great people skills, a strong work ethic, enthusiasm, and ambition
- Flexible. Able to independently manage multiple efforts simultaneously while maintaining professionalism under pressure
- A passion for improving the client experience and a track record of successful interactions with internal/external clients
- Excellent troubleshooting skills
- A technical leader with the ability to inspire and support peers
Tools and Technology
- 3-5 years of security engineering experience
- Working experience in Agile Kanban development methodologies
- Expertise in collaboration and prioritization using Confluence, Jira, and Teams
- In-depth knowledge of common web application vulnerabilities, such as OWASP Top Ten (e.g., SQL injection, XSS, CSRF)
- Proficiency with a wide range of security testing tools, including but not limited to vulnerability scanners (e.g., Nessus, Qualys), web application scanners (e.g., Burp Suite Pro, Invicti, OWASP ZAP), and penetration testing frameworks (e.g., Metasploit)
- Familiarity with implementing and managing multiple NIST 800-53 control families: Access Control, Audit and Accountability, Configuration Management, Identification and Authentication, System and Information Integrity
- Strong Python scripting skills and GitHub Enterprise experience
- Experience with static application security testing (SAST), security information and event management (SIEM) systems, and intrusion detection/prevention systems (IDS/IPS)
- Understanding of network and information security best practices
- Experience with Linux, Ubuntu, AWS, Red Hat
- Familiarity with one or more of the following: threat analysis, security automation, penetration testing, incident response, IAM, bug bounty programs, third-party vendor management
- Working experience with cloud log management solutions (e.g., Sumo Logic)
- Experience securing cloud environments with an understanding of cloud security infrastructure and cloud security principles
- Understanding of DevOps and continuous integration/continuous delivery (CI/CD) pipelines and how to integrate security into the DevOps process
- Understanding of attack vectors for cloud environments
- Knowledge of encryption algorithms, certificate management, and cryptographic protocols
- Required to undergo and satisfactorily pass a fingerprint background check in accordance with CJIS requirements.
Other
- Bachelor's degree in Computer Science, Engineering, Mathematics, Information Systems, or a related field preferred
- Valued Certifications: CompTIA Security+, CompTIA Cybersecurity Analyst (CySA+), AWS Professional, AWS Security
Candidates with less experience directly applicable to this position will be considered. You belong here! Not everyone checks every single box, and we encourage you to apply.
We aspire to be remarkable: in the culture we create, the products we build, and the services we deliver. We believe a diverse team that embodies different backgrounds and experiences is necessary for us to be the best we can be. Within the company, we pursue a culture of inclusivity by identifying and removing aspects of our culture that stop people from being able to do the best work of their lives in physical and emotional safety, while being their authentic selves. We continuously seek to strengthen our culture and values in our daily work as individuals.
We are committed to making continual progress in everything that we do.