Job Title: Product Security Engineer

Location: Remote (US)

Divisions: Construction and Public & Owner

We are Trimble

We are an industrial technology company that transforms the way the construction, agriculture and transportation industries conduct business right across the world. Essentially, we make it easier for our customers to build infrastructure, grow our foods and transport the goods you use everyday - and do it in an environmentally responsible way. For your career, this means working with a global team of people who have an entrepreneurial spirit while tackling some of the world's biggest challenges, working in a collaborative and inclusive environment with innovators who bring their whole selves to work.

Job Summary

We are recruiting for a self-motivated and versatile Product Security Engineer to join the global Trimble Cyber Security Team, which is responsible for securing Trimble's product and enterprise systems. You will be a visible member and thought leader of our cyber security engineering team and will help us advance cybersecurity requirements, processes, and technology solutions across multiple products. The role requires someone who can use their initiative and work well independently and part of a global team.

Key Responsibilities

• Perform security architecture reviews of Trimble-developed existing and next-gen SaaS products.

• Assist in developing security requirements for Trimble-developed platforms.

• Perform threat modeling.

• Work alongside software development teams, site reliability engineers, and operational teams to ensure Trimble products have appropriate security controls and security processes are in place and operating effectively.

• Guide development teams on effective use of existing tooling (SAST, DAST, IAST, Kubernetes, & Open Source).

• Guide architecture and cloud teams on effective use of enacting cloud security best practices within Azure and AWS.

• Provide remediation support and guidance to teams as a part of the development lifecycle.

• Perform and communicate risk assessments across a wide variety of technologies.

• Conduct targeted security testing, support technical security engineering analysis based on established threat models of root cause and proposed mitigations from vendors for issues development, testing, hacking and research on Trimble products and services with actionable recommendations.

• Participate in internal team meetings to discuss product security certification strategy, efforts, and results. In addition, to supporting internal Pre-Lab team during face to face meetings & calls around critical product milestones with manufacturers/OEMs.

• Support Compliance efforts which include ISO 27001, NIST 800-171, NIST 800-53, SOC, FedRAMP/StateRAMP

Preferred Skills and Experience

• Strong organizational skills with ability to effectively manage competing demands, prioritize appropriately, and oversee multiple tasks simultaneously

• Strong communication skills, both verbal and written with strong presentation and facilitation skills

• Ability to work independently and in a team-oriented, collaborative environment with both internal and external customers is essential

• 4 years experience in a security architecture role

• 3 years experience and a deep understanding of cloud security (AWS & Azure)

• 2 years experience working with cybersecurity certifications (ISO 27001, NIST 800-171/53, including FedRAMP and StateRAMP)

• Hands-on experience in software development security tools

• Deep understanding of SecDevOps, CI/CD pipeline, automation, and orchestration

• Security certifications (CISSP, CEH, GSEC, GCIA...)

• Technical cybersecurity experience in a large software company

• Bachelor's degree in information assurance, electrical engineering, computer science, or management of information systems.