At Nielsen, we are passionate about our work to power a better media future for all people by providing powerful insights that drive client decisions and deliver extraordinary results. Our talented, global workforce is dedicated to capturing audience engagement with content - wherever and whenever it’s consumed. Together, we are proudly rooted in our deep legacy as we stand at the forefront of the media revolution. When you join Nielsen, you will join a dynamic team committed to excellence, perseverance, and the ambition to make an impact together. We champion you, because when you succeed, we do too. We enable your best to power our future. ABOUT THIS JOB: Nielsen, the leading company in advertising measurement and outcomes, is searching for an exceptional candidate to build security into our products as a Product Security Engineer. As Nielsen constantly innovates to maintain its leadership in an ever-changing marketplace, this leader will ensure that Nielsen's platforms and applications are built securely. The Product Security Engineer supports secure software development and cloud security through application of security engineering techniques to improve product security posture. This role will lead engagements with product teams focused on identifying component and system level technical risks and evaluating critical failure points. They will determine technical security controls to mitigate risks and work with cross functional teams to implement features according to product road maps. A strong candidate for this role will need to maintain an understanding of dynamic business needs, laser-focus on clear, tangible outcomes, and partner with DevOps teams to productize scalable security controls.
RESPONSIBILITIES:
The Product Security Engineer will serve in a significant role to identify security weaknesses in product designs. In joint collaboration with Product Leadership, DevOps, Engineering, and Data Science teams, the Engineer is accountable for delivering high quality security engineering capability including:
Conducts application and product security reviews including code reviews.
Perform vulnerability analysis of applications, operating systems or networks.
Identifies, documents, and communicates design flaws in products.
Provide leadership for application vulnerability scanning and penetration testing remediation.
Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools.
Discover security exposures and develop mitigation plans, and also report and fix the technical debt.
Actively participate in security initiatives with minimum supervision.
Function as a subject matter expert for security solutions within the organization’s platform.
Contribute to requirement gathering with product teams.
Work together with cross Business Unit teams on executing standardized security solutions and integrations.
Partake in inner sourcing initiatives within the organization.
Perform information technology security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities.
Support a service delivery strategy for product security evaluation and testing including continuous improvement, quality, and customer satisfaction.
Providing expert cybersecurity consulting to internal Nielsen teams.
Maintain an open, collaborative, and consultative culture supported by outreach and education.
Partner with teams early and proactively.
Share knowledge and actively bridge relationships into other verticals in the Cybersecurity organization
QUALIFICATIONS:
2+ years experience in security with 1+ years working in product security.
Demonstrated expertise in software development, DevOps, incident response, digital forensics, reverse engineering, and/or automation.
Experience with utilizing application security tools and techniques.
Understanding of threat attacks, exploitation and data exfiltration.
In-depth experience identifying and managing web application and web service security vulnerabilities including those found in the OWASP Top 10, IoT Top 10, and Sans Top 25.
Understanding of application and product architectures, programming languages, web application stacks, and S-SDLC.
Excellent written and verbal communication skills, with the ability to communicate security objectives and concepts to engineering and business teams.
Strong interpersonal skills; capable of understanding business needs and translating them into architectural standards/diagrams; able to translate complex data and architectural concepts and principles into easily-understanding information by LOBs; ability to design and deliver architectural presentations to IT, senior leadership, and business partners.
Action-oriented with the ability to set priorities and direction.
Service delivery experience in a large product organization.
