Product Security Engineer

Ciena is committed to our people-first philosophy. Our teams enjoy a culture focused on prioritizing a personalized and flexible work environment that empowers an individual’s passions, growth, wellbeing and belonging. We’re a technology company that leads with our humanity—driving our business priorities alongside meaningful social, community, and societal impact.
Not ready to apply? Join ourTalent Communityto get relevant job alerts straight to your inbox.

Why Ciena: 

• We are big proponents of life-work integration and provide the flexibility and tools to make it a reality with remote work and potentially, part-time work.
• We believe an inclusive, diverse and barrier-free work environment makes for empowered and committed employees.
• We recognize the importance of well-being and offer programs and benefits to support and sustain the mental and physical health of our employees and their families and also offer a variety of paid family leave programs.
• We are committed to employee development, offering tuition reimbursement and a variety of in-house learning and mentorship opportunities.
• We know that financial security is important.  We offer competitive salaries and incentive programs, RSU’s (job level specific) and an employee share option purchase program.
• We realize time away to recharge is non-negotiable.  We offer flexible paid time off!
• Great work deserves recognition. We have a robust recognition program, with ongoing and enhanced awards for exemplary performance.

How You Will Contribute: 

As a security expert within Blue Planet’s Common Services team, you will be in position to influence the security of all of Blue Planet’s products.  We are looking for someone who can guide engineering teams through all aspects of secure SDLC.  You will be advocate, architect, and advisor for product security.

• Work closely with Security Champions within each product team
• Build threat models and conduct risk assessments
• Guide the integration and automation of tooling as part of the shift-left security strategy
• Review scan results and advise on impact
• Assess emerging vulnerabilities and aid in mediation and remediation

Must Have:

• Have 7+ years of exp and strong understanding of Web application security, including good knowledge of OWASP top ten issues
• Expertise in secure development practices, testing, and techniques.
• Experience with security tools (SCA, SAST, DAST, fuzz)
• Knowledge of Threat modeling
• Ability to communicate security concerns to a diverse audience

Good to Have

• Security certifications (e.g. GIAC, C|EH, OSCP, CISSP).

#LI-FA