Product Security Engineer

ADTRAN in Gdynia is seeking a Product Security Engineer for Mosaic Network Controller network management system.

Our system manages WDM Optical, Ethernet, and Synchronization and Timing networks, ensuring our customers' success in operating their solutions. Our solutions are used globally by Tier 1 Network Service Providers, Regional Service Providers, Data Center Operators, and various Enterprises that prioritize system security, network speed, performance, and reliability.

Tech stack:

• Java 17 as core language (using Spring, Spring Boot, Jetty, JUnit).
• Kafka and JMS for messaging.
• Node.js (JS and TypeScript) as middleware.
• React for Web front-end services.
• JavaFX for installable client application.
• Docker Swarm for deployment orchestration.
• Gradle for build process and dependencies management.
•  Team City for CI.

As a Product Security Engineer, you will join our Software Architecture and Delivery Engineering team, which designs and supports the deployment of solutions across various teams and technologies. You will collaborate closely with Software Engineers worldwide, as well as System Design Authorities (responsible for product specifications), Product Owners, Product Line Managers, and Product Security Incident Response Team.

We are excited to welcome you to our team and look forward to developing our Mosaic Network Controller with you on board.

Duties and Responsibilities

• Manage response to reported product security incidents (detected internally or by customers).
• Prepare analysis and risk assessment for product security issues.
• Support customers security audits.
• Assure Security Tests are embedded into product development process.
• Support definition and prioritization of the work cascaded to development teams in context of Secure System Design.
• Sharing knowledge and experience with development teams regarding Product Security.
• Prepare Security reports based on executed tests and vulnerabilities status. 

Basic Qualifications 

• Bachelor’s degree in computer science, Computer Engineering, Software Engineering, Computer Information Science, Electrical Engineering, or equivalent education required.
• At least 4 years of experience with IT R&D products development.
• Proven professional experience with the development of software products security.
• Good understanding of DAST, SAST, Pen Tests.
• Experience in working with SCA tools and Security Scanners (i.e. Black Duck, Trivy, Grype, Nessus, Defensix, nmap, CIS Benchmark Scan)
• Good understanding of CVEs and ability to assess of impact on developed product.
• Good understanding of OS and containers hardening (practical experience in this aspect will be advantage).
• Experience in processes definition and introduction into organization.
• Ability to manage your own tasks and priorities efficiently.
• Strong coordination skills in handling tasks delegated to external teams.
• Excellent teamwork abilities and effectiveness in cross-site communication.
• At least B2 English and B2 Polish proficiency level.

Preferred Qualifications  

• Good understanding of Continuous Integration and Continuous Deployment (CI/CD) aspects.
• Ability to utilize SBOMs and OpenAPI for security testing.
• Ability to automate the tasks (preferred hands-on experience with Python and bash scripting).
• Experience in developing containerized applications (Docker or equivalent).
• Experience in developing web-based applications.
• Understanding of containerized applications composition, deployment, and orchestration.
• Basic knowledge of telecommunication networks or device management applications would be advantage.

Compensation and Benefits

• Stable employment conditions based on an employment contract (turnover rate below 4%)
• 1 additional vacation day for all, and 1 extra after 10 years being with us.
• Flexible working hours and possible hybrid work
• English lessons during working hours
• Internal training program to support your training needs.
• Paid employee referral program.
• Multisport Card
• 3% employer contribution to PPK
• Private Health Care at Medicover (extended package for employees and possibility to enroll family members)
• Strong collaborative and friendly work culture
• Access to various sports activities and events
• Modern office (well-equipped gym and playroom) close to the SKM/PKM stations