Senior Product Security Engineer II - Elsevier

Key Responsibilities

• Integrate security tooling and automation (SAST, DAST, secret scanning) into CI/CD pipelines to ensure continuous protection.
• Partner with development squads to provide secure‑by‑design guidance, threat models, and remediation recommendations.
• Develop reusable security libraries, scripts, and infrastructure‑as‑code modules for consistent protection across products.
• Conduct security reviews, code audits, and risk assessments for new features and architectural changes.
• Drive security awareness and training initiatives, fostering a culture of shared responsibility.

Requirements

• 5+ years of experience in application security or DevSecOps, with hands‑on expertise in Python and CI/CD tooling (Jenkins, GitHub Actions, GitLab CI).
• Deep knowledge of cloud security concepts, preferably AWS, and experience securing containerized workloads.
• Proven ability to create threat models, perform risk assessments, and guide remediation across the software development lifecycle.
• Familiarity with static and dynamic analysis tools, secret detection, and infrastructure‑as‑code security best practices.
• Strong communication skills to collaborate with cross‑functional engineering teams and influence security decisions.