This position will report to the Director of Product Security in the Cybersecurity group. As the company invests further in this area, there is room for innovation and growth for a hands-on, collaborative and energetic individual. The candidate will work with our flagship products such as Wall Street Journal, Marketwatch, Barrons, Factiva and DNA.
Location: Barcelona, Spain
Serve as the security SME for product development engineering teams
Help build, maintain and execute a strategy to secure our customer-facing products.
Partner with product development engineering teams to ensure that products are “secure from the start” through an Agile Secure Development Lifecycle
Partner with the business to understand the needs and demands of our customers and the marketplace. Able to develop security standards and practices that ensure products are built to meet those needs
Work with product development engineering teams to address security findings and negotiate priorities for these to be released
Provide visibility around product security weaknesses to the business
Perform threat models of products
Work alongside technical leadership to ensure secure architectural patterns are being used
Develop security requirements and stories
Work with software engineers to design preventative and/or detective controls for specific security issues
Work with engineering teams to build reusable security components
Help proliferate the use of automated security tools, that are maintained by the product security team into the continuous integration and development environment to identify security issues quickly
Work with members of Cyber Defense to integrate security monitoring of products
Work with members of the application security/penetration testing team to perform security testing and work with project managers to prioritize any identified issues
Collaborate with the application security team to design and execute a security champions program within the product engineering teams aimed at instilling security into the culture of product engineering
Lead conversations about security with prospective & current customers alongside the business and sales team
Develop security material (brochures, white-papers) for consumption by customers showcasing the security of our products
Skills & Experience:
Experience with design and architecture using modern secure design patterns
Experience with cloud best practices and security - AWS, GCP, Azure
Experience in one or more of the following modern languages/frameworks - Node.js, PHP, Java, C#, Python
A strong understanding of modern development processes including agile development
Strong knowledge of application security topics such as authn, authz, encryption, session management, federation, encryption
Ability to communicate complicated technical issues and risks to engineers, project managers and product managers
Extensive experience with application security tools like code scanners, dynamic analysis tools
Familiarity with security related certifications such as PCI, ISO27001
Strong understanding of public application security projects such as OWASP, BSIMM
Expert knowledge with Information Security frameworks and fundamentals including ISO 27001, NIST, Lockheed Killchain and MITRE ATT&CK-based analytics
Bachelor's degree in computer science or a related discipline, or equivalent work experience required, 10-12 years of experience in information security or related technology experience required
Dow Jones , Making Careers Newsworthy
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status. EEO/AA/M/F/Disabled/Vets .
Dow Jones is committed to providing reasonable accommodation for qualified individuals with disabilities, in our job application and/or interview process. If you need assistance or accommodation in completing your application, due to a disability, please reach out to us at TalentResourceTeam@dowjones.com . Please put “Reasonable Accommodation" in the subject line.
Business Area: TECHNOLOGY - INFORMATION SECURITY
Job Category: IT Development Group
Since 1882, Dow Jones has been finding new ways to bring information to the world’s top business entities. Beginning as a niche news agency in an obscure Wall Street basement, Dow Jones has grown to be a worldwide news and information powerhouse, with prestigious brands including The Wall Street Journal, Dow Jones Newswires, Factiva, Barron’s, MarketWatch and Financial News.
This longevity and success is due to a relentless pursuit of accuracy, depth and innovation, enhanced by the wisdom of past experience and a solid grasp on the future ahead. More than its individual brands, Dow Jones is a modern gateway to intelligence, with innovative technology, advanced data feeds, integrated solutions, expert research, award-winning journalism and customizable apps and delivery systems to bring the information that matters most to customers, when and where they need it, every day.
If you are a current employee at Dow Jones, do not apply here. Please go to the Career section on your Workday homepage and view "Find Jobs - Dow Jones." Thank you.
Req ID: 19874