MoveTheWorldForwardTogether

When you join Verizon

Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect across the globe. We’re a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.

What you’ll be doing...

As a Principal Security Engineer, you will work with a global security team that keeps our enterprise-class cloud service secure from a variety of threats. We are looking for an individual contributor who is passionate about information security and helps create a culture across the entire company that is security conscious. You will work closely with engineering teams to build security into the product early in the SDLC. You will also help with Operational Security aspects which will include interpreting results from periodic vulnerability scans on the corporate and data center infrastructure, monitoring application security using Log Analysis or SIEM tools and coordinating and triaging quarterly penetration test results on the product and identifying actionable incidents to address in the infrastructure and in the product.

  • Be a member of our global security engineering team responsible for securing our cloud service.
    Engage early on with engineering teams in the software development lifecycle (SDLC) to ensure that designs and implementations follow security best practices.
  • Think like a hacker and have a keen eye for spotting STRIDE-based vulnerabilities in design and implementations.
  • Perform Proof of Concept for Security features working closely with the engineering teams and proactively follow through to successful implementation in the product.
  • Utilize vulnerability scanning and application/infrastructure monitoring tools effectively to improve the Organization’s security posture.
  • Coordinate internal and 3rd party app security, penetration testing and bug bounty programs. Reproduce reported security bugs and work with Engineering to address them timely without side effects.
  • Work closely with Operations, IT, Support and Engineering teams to monitor and remediate security incidents.
  • Participate in compliance efforts when necessary.
  • Assist Sales and Sales Engineering with RFP responses related to product security when required.
  • Be a role model to create a culture of security in the company.

Where you'll be working...
In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.

What we’re looking for...

You’ll need to have:

  • Bachelor’s degree or four or more years of work experience.
  • Six or more years of relevant work experience.
  • Five or more years of software development experience with security focus or as an application security engineer.
  • Experience designing and securing applications involving Public Cloud like AWS, Azure, Google Cloud, etc.
  • Programming experience in C/C++, Java or Ruby.
  • Experience as a Security Engineer in an Enterprise SaaS-based products company

Even better if you have one or more of the following:

  • Experience with Shell Script/JavaScript programming.
  • Knowledge of Transport Layer protocols such as TCP/TLS and Application layer protocols such as HTTP, SIP and SRTP.
  • Ability to think outside the box and can come up with good threat models for a design and misuse cases to validate it.
  • Knowledge of the latest OWASP Top 10 and SANS Top 25 vulnerabilities and the corresponding mitigation techniques.
  • Knowledge on Attack adversary based on MITRE ATT&CK framework.
  • Exposure to compliance certifications such as SOC2 or ISO 27001.
  • Knowledge of Networking and Perimeter devices such as F/W, Load Balancers, Routers and Content Filters.
  • Experience with tools from 3rd party vendors such as Tenable, Rapid7, Qualys, Whitehat and/or open source tools such as Nessus, Metasploit, Burp Suite, and Nmap.
  • Ability to maintain a flexible work schedule to enable interactions across multiple time zones with remote teams.

Diversity & Inclusion

We're proud to be an equal opportunity employer. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.

COVID-19 Vaccination Requirement

Please note, in countries where there is a COVID-19 related government order or rule, Verizon is required to ensure that all employees accessing our workplace comply with these mandatory requirements. If you work in one of these locations, you will be required to provide us with your vaccination status prior to joining. If this, or any other COVID related requirement applies in your location, we will notify you about this before you start work.