Sr Product Security Engineer - Application Security

Medallia’s mission is simple: to create a world where companies are loved by customers and employees alike. Hundreds of the world’s best-loved brands trust Medallia’s Software-as-a-Service application to help them capture customer feedback everywhere the customer is (on the phone, in store, online, mobile), understand it in real-time, and deliver insights and action everywhere—from the C-suite to the frontline—to improve their performance. Founded in 2001, Medallia is growing quickly with more than 1000 employees globally in Silicon Valley, New York, London, Paris, Sydney, Buenos Aires, Austin, Washington D.C., and Tel Aviv. 

We at Medallia feel very strongly about protecting our clients’ information, and are looking for like-minded engineers to solve complex security challenges while enabling the rapid growth of the business globally. This Product Security role is a key role to building security into the development lifecycle of our product portfolio, and offers tremendous growth opportunities at a security conscious company on a high growth trajectory.

Some of the biggest names in Global 2000 organizations rely on Medallia to drive business innovation and customer experience. As Medallia becomes a trusted partner to organizations across the globe and spanning several industry verticals, it is more important than ever that we continue to stay a step ahead in securing our applications, services and data. The Senior Product Security Engineer role will work closely with our global engineering teams and ensure that we build secure and robust software in the world of DevOps and Agile. We are looking for a candidate who is passionate about security, has a strong technical background and loves creating innovative solutions to challenging problems.

Responsibilities

  • Perform application security assessments including architecture review, threat modeling, code review and penetration testing, on both web (Java) and mobile (iOS, Android, and React Native) platforms
  • Assist and enable engineering teams to adopt secure development practices
  • Provide software security advice to cross-functional teams including product, engineering, and services
  • Work closely with engineering and product teams to drive security issues to resolution
  • Develop software security guidance including training material, best practices, secure coding checklists, reuseable code, etc.
  • Automate security testing at scale by building and implementing static and dynamic analysis tools, integrating security into the software development lifecycle
  • Employ knowledge and deep understanding of threat landscape, SaaS industry, and customer feedback to drive the pipeline of impactful security features

Minimum Qualifications

  • 3-5 (5+ preferred) years’ experience with software security assessments and remediation in Java
  • Drive to take ownership of projects and drive resolution without close supervision
  • Strong skills in at least two of the following areas: architecture review/threat modeling, penetration testing, and static code analysis automation
  • Hands-on experience with tools and technologies used throughout secure SDLC (e.g., Checkmarx, Fortify SCA, Coverity, AppScan Standard/Enterprise, WebInspect, Burp Suite)
  • Independent problem solving capabilities and excellent communication skills

Preferred Qualifications

  • Knowledge of OSS scanning tools like Black Duck, SRC:CLR, Codenomicon AppCheck a plus
  • Knowledge of mobile development frameworks a plus (e.g., iOS, Android, React Native, Redux)
  • Knowledge of popular web development frameworks a plus (AngularJS, React, Redux, Velocity, StringTemplate, jQuery, Jackson, THRIFT, etc.)
  • Proficiency with Python, Ruby, or other scripting languages a plus
  • Knowledge of microservices architecture and containers a plus



At Medallia, we don’t just accept difference - we celebrate it and recognize the value it brings to our customers and employees. Medallia is proud to be an equal opportunity workplace and is an affirmative action employer. Equal opportunity and consideration are afforded to all qualified applicants and employees. We won't unlawfully discriminate on the basis of gender identity or expression, race, ethnicity, religion, national origin, age, sex, marital status, physical or mental disability, Veteran status, sexual orientation, and any other category protected by law.

Medallia is committed to working with and providing reasonable accommodation to applicants with disabilities in accordance with the American Disabilities Act and state disability laws.

Meet Some of Medallia's Employees

Natalie N.

Sales Development Representative

Natalie works on the Inside Sales Team to find new customers interested in partnering with Medallia. She helps these partners improve customer experience at their respective companies.

Shwetha S.

Senior Manager, Implementations

Shwetha works with a portfolio of Medallia clients to design and implement the best customer experience programs. She works to maximize client results and make a real change in their customer experiences.


Back to top