Product Security Officer

Extreme Networks Named to Computerworld’s 2023 List of Best Places to Work in IT! Over 50,000 customers globally trust our end-to-end, cloud-driven networking solutions and rely on our top-rated services and support to accelerate their digital transformation efforts and deliver progress like never before and with double digit growth year over year, no provider is better positioned to deliver better outcomes on scale, than Extreme.

We believe in walking the walk of our strong core values which enable us to successfully advance together. Diversity and Inclusion is a vital part of our values and beliefs, and we’re proud to foster an environment where every Extreme employee can thrive.

Come become part of something big with us! We are a global leader, with hubs in North America, South America, Asia Pacific, Europe, and the Middle East.

Role Objective Extreme Networks is seeking a Product Security Incident Response Team (PSIRT) Member to join the Information Security team to support the Product Incident Response process.

The role will be supporting Extreme as we continue to support our customers, both in terms of product support and managing the cyber risks all the way through the supply chain The successful candidate for this position will need to : -Be able to understand and analyze publicly disclosed vulnerabilities, distilling down to determine any possible impact.

Play a pivotal role in safeguarding our organization’s products and services against security threats. You will collaborate with cross-functional teams, respond to security incidents, and contribute to the overall security posture of our offerings.

Main Responsibilities : Product Incident Response Team Ability to interpret customer requests and publicly disclosed vulnerabilities to core constituent elements Monitor, manage and track internal follow-up questions per incident process Interpretation of technical engineering answers for validity Work with engineering and product teams to understand issues, validate responses and remediation plans Follow-up and track on action plans as appropriateIncident Response : Investigate and respond to security incidents related to our products.

Analyze vulnerabilities, exploits, and threats. Coordinate with internal teams and external partners during incident resolution.

Vulnerability Management : Monitor security advisories and vulnerability databases. Assess the impact of vulnerabilities on our products.

Develop and execute mitigation strategies. Security Advisories and Communications : Draft security advisories for affected products.

Communicate security-related information to customers, partners, and stakeholders. Maintain transparency and provide timely updates during incidents.

Threat Intelligence : Stay informed about emerging threats and attack techniques. Collaborate with threat intelligence teams to enhance our defenses.

Contribute to threat modeling and risk assessments. Collaboration : Work closely with development, engineering, and quality assurance teams.

Participate in security reviews and design discussions. foster a security-aware culture within the organization. Documentation : Maintain accurate records of incidents, investigations, and remediation efforts.

Create and update security procedures, playbooks, and guidelines. Continuous Improvement : Identify areas for process improvement within the PSIRT.

Enhance incident response procedures and workflows. Requirements -Bachelor of Science in fields of computer science or engineering (or equivalent experience)-Network solutions focused on IP Fabric (BFP, EVPN, VXLAN), transport technologies (BGP, MPLS / VPLS, Segment Routing), and Network Packet Broker Solutions-Ability to collaborate to develop an offering of exceptional design, quality, and experience and jointly improve our competitive advantage.

Experience with design or design research, and a history of building strong relationships with designers and engineers to deliver solutions that solve complex problems-CISSP or equivalent security qualification-Experience with vulnerability and compliance assessments-Must have strong planning and organizational skills-Ability to grasp complex concepts and be both a big picture thinker and maintain a strong attention to detail-Excellent communication and writing skills;

accuracy and consistency are important-Ability to understand technical jargon and communicate easily to the average user and system engineers-Must be a US Citizen -Maintain confidentiality of information-Must be able to prioritize projects, maintaining a sense of urgency to meet deadlines.

• Must possess the ability to follow verbal and written directions-Must be a self-starter and able to work well in independently and in Team-Must be able to use critical thinking skills and judgment-Must be able to work positively and professionally with a wide range of personalities Nice to have -Experience with development tools Jira, GitHub, Artifactory-Experience with automation and integrations Teams, Jira, Jenkins-Understanding and experience with coding languages C / C++, Golang, Java, JavaScript, Python-Understanding of Secure Software Development Life Cycles (SDLC / SSDLC)-Security Certifications such as FIPS, Common Criteria, DoDIN APL
30+ days ago