• Principal Product Security Engineer

    Job Locations US-IL-Chicago | US-GA-Alpharetta | Other
    Requisition ID
    Research & Development
  • What's the role?

    Join our fast-growing international team in this highly visible business enablement role, in which you will become part of the HERE Security, Privacy and Continuity (SPC) team.


    You will be working with the Services organization to help them develop Location Based Services that comply with internal HERE policies as well as applicable regulations and legislation. The Principal Product Security & Privacy Engineer will serve as the primary security point of contact (SPOC) for product teams.


    This is a hands-on position responsible for improving the security of HERE products and services. Working with our technical security and software development partners, you will assess product security and facilitate software security and data protection activities within the software development and operations teams. You will contribute to developing and guiding a decentralized community of practice of developers who are passionate about security. You must be a strong communicator, able to form a feedback loop between security and product development.


    You must be able to work in international and multi-cultural virtual teams, identify the needed/missing capabilities and contribute to application security training, awareness and competence development by creating and maintaining a security community in the HERE Services organization.



    • Evaluate product security maturity and work with product teams to develop a prioritized backlog for improving security
    • Contribute to developing, maintaining and improving a secure SDLC
    • Facilitate threat modeling, architectural analysis, secure code review and other software security and data protection activities
    • Develop a center of excellence comprised of appsec and privacy champions within product development and operations to share best practices and scale security & privacy competencies and awareness
    • Work with the technical security team to evaluate product and environment for potential risk and vulnerabilities
    • Provide consulting and guidance on the security review programs and processes
    • Curate a library of baseline and role specific security and privacy training
    • Contribute to security testing activities including security tooling and CI/CD integrations and test content
    • Evangelize software security and privacy practices through thought leadership
    • Implement a software security maturity model to measure HERE products and services against our industry peers and track progress over time
    • Ensure security go-live requirements are met
    • Develop relevant policies, standards, procedures and guidelines thus contributing to HERE governance, risk and compliance area on Security, Privacy and Continuity related topics

    Who are you?

    As a leader in security, you are self-motivated with the ability to work independently in a global team with minimal direction. Having a BSc or higher degree in Computing Science, or equivalent experience, you have a strong working knowledge of Security Architecture and Security Assurance Process.

    • Strong knowledge of information security principles, best practices, architectures, tools and processes
    • Strong understanding of application and infrastructure security tools, processes, and organizations.
    • Experience in defining and writing policies, standards, procedures and guidelines
    • Knowledge of relevant information security standards e.g. ISO 27001
    • Knowledge of software and network architecture and standards
    • Ability to understand business drivers and priorities, and integrate these requirements into overall security design
    • Understanding of web technologies and vulnerabilities such as SSL/TLS, REST, HTTP, OWASP, etc.
    • Experience in secure application development and typical design patterns, especially when applied in agile environments targeting rapid production updates
    • Ability to communicate security objectives orally and in writing to both a technical and non-technical audience

    Expertise/skills preferred

    • Experience in defining, developing, maintaining and supporting an SDLC in an agile / continuous delivery organization is a strong plus
    • Professional security certifications like CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor / Lead Implementer or similar are a plus
    • Experience with ISO 27001 standard implementation is a plus
    • Some background in Java, C/C++, Python, Ruby, or other modern programming languages is a plus
    • Experience in secure code reviews is a plus

    Who are we?

    Ever checked in somewhere on social media? Ever tracked your online orders? You might be using HERE Technologies every single day without even realizing it. You can find us everywhere: in vehicles, smartphones, drones or third-party apps. We believe that with the right people, we will continue to be a game-changer in the technology industry and improve the daily lives of people around the world. Find out more by clicking the video below or going HERE.



    What Do We Offer?

    • An opportunity to work with extraordinary engineers
    • Challenging problems to solve
    • Work that makes a difference in the world
    • Freedom to decide how to perform your work
    • Variety in the types of projects you work on
    • Feedback so you will know how well you are doing
    • Collaborative, Supportive Colleagues

    Equal Opportunity Employer: Race/Color/Sex/Sexual Orientation/Gender Identity/Religion/National Origin/Disability/Vets.

