Principal Security Engineer

Your opportunity

If you believe security should be a collaboration with engineers and the business instead of conflict and enjoy establishing trusted partnerships with others to ensure security is a natural byproduct of existing processes, joining the New Relic Security Assurance organization may be for you. Our Security Assurance teams are responsible for the overall security posture of New Relic's products, services, cloud infrastructure, and enterprise systems. We partner with engineering teams early and throughout the development process to ensure the delivery of secure solutions that keep customer and employee data safe by default.

To increase our existing support to our Engineering partners, we are seeking to hire a Security Architect to join our team.

What you'll do

• Partner with Engineering Teams on highest-priority company initiatives in the project ideation and design phases to proactively deliver security requirements and ensure their inclusion in implementation plans.
• Develop relationships and influence among Engineering Architects and Senior Leadership, establishing yourself as a trusted advisor and security authority with deep understanding of their roadmap and priorities.
• Lead execution of key projects with cross-organization impacts.
• Create practical reference architectures, design patterns, and security controls to accelerate Engineering efforts and ensure that solutions align with industry best practices and regulatory requirements.
• Develop and maintain security standards to provide consistent direction to Engineering teams and enable self-service.
• Create multi-year, organization-wide security strategies and roadmaps and champion their implementation.
• Assess, articulate, and escalate critical security risks and recommendations for mitigation.
• Mentor security engineers at all levels throughout the enterprise to assist with their technical skill development and career growth.

This role requires

• Bachelor's degree in Computer Science or equivalent practical education and experience.
• 8-10+ years experience in security, software engineering, cloud/infrastructure engineering, and/or IT administration.
• Demonstrated experience with cloud and web application security assessment.
• Experience securing applications built in Azure, AWS, or Google Cloud.
• Confidence in navigating ambiguity and identifying innovative solutions with minimal direction.
• Ability to explain and advise on security design and implementation of complex security problems, including the ability to dive into code reviews with developers.
• Demonstrated ability to work autonomously with a bias for action, critical and creative thinking, while also being an effective member of a team.
• Inclusive communication skills that effectively align and create clarity; you will communicate with technical and nontechnical audiences at all levels of the business from individual contributors to executive leaders, and you will boldly advocate for security and escalate risks where appropriate.

Bonus points if you have

Our team focuses on diversity of all types, and strives to hire people with different experiences and perspectives. To that end, we know that no individual has every desired skill and experience, but it is all of us together which make the team strong.

• Highly proficient with SDLC frameworks and delivering security reviews including code review, threat modeling, static and dynamic analysis (SAST, DAST), and attack surface analysis.
• Previous experience authoring formal security policies, standards, and/or standard operating procedures (SOPs).
• Programming and/or vulnerability research experience in one or more languages (such as: Ruby, Java, Go, Python).
• Penetration testing or red team experience is helpful but not required.