USNLX Ability Jobs


The College Board Senior Engineer - Product Security in Olympia, Washington

Senior Engineer - Product Security
College Board - Technology
Remote

About the Team

The College Board Product Security team is a close-knit and enthusiastic group of technologists with a thirst for knowledge in all things Security and Cloud. We collaborate closely every day to investigate and solve problems, and we have strong alignment with our Product Teams in order to stay a step ahead in securing the organization's suite of Products. We are an agile organization, embracing DevSecOps and cloud-native systems, and are focused on improving speed and security of service delivery in support of our important mission. Our team is committed to diversity and inclusion, and we work to ensure everyone on the team has a voice. We hire great people from a wide variety of backgrounds and experience.

About the Opportunity

Our College Board Product Security Engineers work closely with Information Security, Governance and Compliance, and Product teams to achieve product and security business objectives. They support the implementation of secure development practices, threat modelling, architecture, design, vulnerability assessments and security verification, as well as defining the security standards and managing operations for a variety of products and security tools.

In this role, you will frequently interact with a variety of stakeholders in Technology and on the Business side to provide hands-on risk remediation or recommended solutions, including secure patterns and mitigation strategies. You will understand our product landscape; propose new, innovative security solutions and updates to existing solutions and drive them to implementation; negotiate alternative options; and build technical and release roadmaps. As a Senior Engineer, you will lead and mentor junior team members, supporting their growth and development in Product Security concepts, tools and best practices.
In this role, you will:

Partner Program - Partnership Development (50%)

* Act as a liaison between Product Security teams (both in IT and outside of IT) and the Information Security Office via regular engagements with assigned Partner teams. Embed into planning and grooming sessions.
* Develop a deep understanding of our Security Policies and Audit requirements in order to support assigned Partner teams, GRC Exceptions and Audit efforts (PCI, SOC2, ISO27001, GDPR, State Contract requirements).
* Create Threat Models and Risk Registers for your assigned products and communicate application risks and vulnerabilities to technical stakeholders.
* Lead application vulnerability reviews and remediation efforts. Develop deep skill sets in understanding, managing and determining exploitability of vulnerabilities to properly determine risk and priority.
* Work to gain a deep understanding of your assigned products' architectures, Supply Chain (Vendors, Partners, Third Party), Development Practices, CI/CD, GRC Exceptions and Release cadence in order to understand and support mitigation of security risks.
* Lead efforts to mentor developers through discussions, presentations, or hands-on training sessions to demonstrate best practices in developing secure code and securing application infrastructure.
* Ensure all assigned products and applications adhere to the Product Security Framework requirements and work to remediate any gaps.

Elevate Product Security (25%)

* Drive and lead efforts to promote, grow and enhance the Product Security Partners program to develop Security Champions and enable dev teams to shift left.
* Lead development of innovative guidance and training sessions to grow Product Teams' Secure Development LifeCycle skills and awareness and cultivate a culture of Product Security.
* Coach product teams and junior team members on performing secure reviews
