Product Security Specialist

Basis**: Permanent - Full-time**

Area of Interest**: Technical Operations**

Location**: Oakville, Ontario**
**Who we are
- Geotab ® is a global leader in IoT and connected transportation and certified “Great Place to Work.” We are a company of diverse and talented individuals who work together to help businesses grow and succeed, and increase the safety and sustainability of our communities.- Geotab is advancing security, connecting commercial vehicles to the internet and providing web-based analytics to help customers better manage their fleets. Geotab’s open platform and Geotab Marketplace ®, offering hundreds of third-party solution options, allows both small and large businesses to automate operations by integrating vehicle data with their other data assets. Processing billions of data points a day, Geotab leverages data analytics and machine learning to improve productivity, optimize fleets through the reduction of fuel consumption, enhance driver safety and achieve strong compliance to regulatory changes.- **:Who you are:
We are always looking for amazing talent who can contribute to our growth and deliver results Geotab is seeking a Product Security Specialist who will review existing/new/proposed products with a variety of source code, dynamic and dependency scanners, manual code reviews and security-based architecture reviews as required. If you love technology, and are keen to join an industry leader — we would love to hear from you
**What you'll do:
As a Product Security Specialist your key area of responsibility will be validating scanner findings by tracing source code for a variety of code bases and provides developer level suggestions for code remediation. You will need to work closely with technical and non technical stakeholders to evaluate results of risk assessments.
**How you'll make an impact
- Review existing/new/proposed products with a variety of source code, dynamic and dependency scanners, manual code reviews and security-based architecture reviews as required
- Manually validates scanner findings by tracing source code for a variety of code bases (C#,.net, Java, js/ts/html, swift, kotlin, python, C, firmware) (Not all Required) and provides developer level suggestions for code remediation.
- Explain risk assessments at both the developer (technical) and management (Non technical) levels.
- Write and maintain scripts/code (bash and python) to generate scan input packages, automate security scanner execution and integrate scanners with CI pipelines and Google Cloud storage and reporting mechanisms.
- Update scanning scripts quickly, and refactor as needed.
- Contribute to secure coding standards (involves developing secure coding training for current and future developers).
- Perform technical writing of assessment reports and vulnerability descriptions for product owners and developers.
- Look at the bigger picture and question whether the coverage is sufficient, and if not make recommendations to address coverage gaps.
- Follow through to prevent things falling through the cracks. Prioritizes work that benefits the team. Escalates issues in a timely manner.
- Support Geotab global strategic initiatives.
**What you'll bring to the role
- 3-5+ years of experience with security evaluation/analysis and security code reviews or relevant development experience
- Bachelor’s degree in Computer Science, Information Management, Engineering or a related field
- Security certifications highly preferred (OSCP,OSWA,OSWE)
- Experience using source code, dynamic and dependency scanners (e.g. Veracode, Fortify, Sentinel, owasp dependency, NetSparker, Qualys etc.)
- Knowledge of programming languages; web service technologies; dependency package managers, and how they are specified in code.
- Able to dive deeply into convoluted or difficult code to evaluate the validity of potential vulnerabilities.
- Competent with Linux, Windows, GCE, bash, python.
- If you got this far, we hope you're feeling excited about this role Even if you don't feel you meet every single requirement, we still encourage you to apply.

**Please note: Geotab does not accept agency resumes and is not responsible for any fees related to unsolicited resumes. Please do not forward resumes to Geotab employees.**
**Why job seekers choose Geotab

Flex working arrangements
Home office reimbursement program
Baby bonus & parental leave top up program
Online learning and networking opportunities
Electric vehicle purchase incentive program
Competitive medical and dental benefits
Retirement savings program
- **The above are offered to full-time permanent employees only**
**How we work