Senior Product Security Engineer - Provo

At Qualtrics, we create software the world’s best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. But we are more than a platform—we are the creators and stewards of the Experience Management category serving over 18K clients globally. Building a category takes grit, determination, and a disdain for convention—but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers.
When you join one of our teams, you’ll be part of a nimble group that’s empowered to set aggressive goals and move fast to achieve them. Strategic risks are encouraged and complex problems are solved together, by passing the mic and iterating until the best solution comes to light. You won’t have to look to find growth opportunities—ready or not, they’ll find you. From retail to government to healthcare, we’re on a mission to bring humanity, connection, and empathy back to business. Join over 5,000 people across the globe who think that’s work worth doing.

Senior Product Security Engineer, Platform Security - Provo, UT

Why We Have This Role

Qualtrics operates in an environment where security threats are constantly evolving, making it essential to prioritize security across our operations. The Product Security Senior Specialist plays a crucial role in safeguarding our products and infrastructure against increasing security risks. This individual will support the establishment and maintenance of company-wide security standards, working collaboratively with business units to tackle security challenges. Their contributions are vital in protecting customer data, strengthening the company's reputation, and ensuring that we deliver secure services consistently.

How You’ll Find Success

• Proactive Initiative: Take ownership of security-related outcomes, actively gathering necessary context to work autonomously toward the goals of platform security.
• Effective Communication: Foster trust and collaboration by communicating clearly and effectively across all levels of the organization.
• Security Knowledge: Possess an extensive understanding of security concerns related to products, cloud environments, and infrastructure, providing valuable insights.
• Collaborative Spirit: Build strong relationships across various product teams to propel security initiatives forward and facilitate cohesive security practices.
• Analytical Thinking: Demonstrate sound judgment and problem-solving abilities in addressing complex security issues efficiently.
• Commitment to Learning: Keep pace with the latest trends and developments in security, continuously enhancing your expertise in threat mitigation and security best practices.

How You’ll Grow

• Deepening Security Knowledge: Deepen your expertise in key areas of Product Security Engineering, such as secure coding practices, threat modeling, and vulnerability management, allowing you to tackle increasingly complex security challenges within our product development lifecycle.
• Leadership in Security Initiatives: Take the lead on critical security initiatives, including driving security assessments, code review processes, strengthening your leadership capabilities and making a measurable impact on our security posture.
• Strategic Influence: Collaborate with cross-functional teams to shape and influence security policies and frameworks, contributing to the overall security strategy of the organization and enhancing your ability to drive organizational change.
• Knowledge Development: Remain current with security trends, augmenting your understanding of emerging threats and innovative solutions.
• Innovation and Research: Explore and experiment with new security technologies and methodologies, providing innovative solutions to security challenges and reinforcing your position as a key contributor to the organization’s security advancements.

 
Things You’ll Do

• Work with engineering teams to design and develop applications that incorporate security best principles. Serve as a key stakeholder and driving the implementation of secure coding best practices.
• Configure, monitor, and deploy monitoring and blocking rules on Qualtrics WAF interfaces.
• Expert experience with container security including image scanning, k8s security best practices, and container runtime security.
• Analyze software applications for security vulnerabilities using manual and automated source code review tooling.
• Identify security risks and weaknesses in software architecture by performing application threat modeling.
• Use security testing tools to identify, track, and fix vulnerabilities in applications and enterprise infrastructure.
• Maintain and generate reports on application and infrastructure security posture metrics, KPIs, and vulnerabilities to support enterprise and security architects.
• Coordinate internal pen test engagements with the Red Team and Engineering stakeholders.
• Serve as strategic advisor and thought expert to Engineering teams through multiple channels including application review sessions, threat modeling, and security champions program.
• Own and operate the Qualtrics vulnerability disclosure and bug bounty programs.

What We’re Looking For On Your Resume

• Expert knowledge of cloud security best practices including IaC, as it pertains to hardening a cloud-centric infrastructure.
• Minimum of 5-6 years of recent experience in product security, secure application development, and/or cybersecurity.
• Bachelor's degree from an accredited college or university in Computer Science, Information Technology or Engineering or relevant work experience. 
• Preferred: Advanced technical degree in Computer Science, Engineering, Mathematics, or other technical field from an accredited institution.
• Development experience using either Python, JavaScript, Ruby, Go, or other relevant language; minimum 5-6 years of recent work experience identifying and mitigating security issues in software and knowledge of secure code development best practices.
• Expert knowledge and ownership of SAST, SCA, DAST, and CNAPP tools.
• Experience securing CI/CD pipelines and secure configuration of version control systems.
• Familiarity with and have regularly conducted security reviews using application security frameworks (e.g., OWASP Top Ten).
• Relevant security certifications such as, but not limited to, CISSP, CEH, GWAPT, GPEN, OSCP, GCIH, OSEP.
• Experience evangelizing application security principles and topics through engineering forums, tech talks, etc.
• Excellent communication skills and meticulous attention to detail; experience in designing, analyzing, and conducting threat model assessments of enterprise software and services; penetration testing or red team experience is a plus.

Joining our team means stepping into a role that's vital, challenging, and deeply linked to Qualtrics' aim of reshaping industries by harnessing the power of Experience Management and AI.

Our Team’s Favorite Perks and Benefits

• Wellness Reimbursement for $300 per quarter for wellness activities including gym memberships, spa massages, workout equipment, meditation apps, and much more.
• $1800 Experience bonus to be used for an “Experience” of your choosing
• Amazing QGroup Communities; MOSAIQ, Green Team, Qualtrics Pride, Q&Able, Qualtrics Salute, and Women’s Leadership Development, which exist as places for support, allyship, and advocacy.

The Qualtrics Hybrid Work Model: Our hybrid work model is elegantly simple: we all gather in the office three days a week; Mondays and Thursdays, plus one day selected by your organizational leader. These purposeful in-person days in thoughtfully designed offices help us do our best work and harness the power of collaboration and innovation. For the rest of the week, work where you want, owning the integration of work and life.

Qualtrics is an equal opportunity employer meaning that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.

​​​​​​​Applicants in the United States of America have rights under Federal Employment Laws: Family & Medical Leave Act,Equal Opportunity Employment,Employee Polygraph Protection Act

Qualtrics is committed to the inclusion of all qualified individuals. As part of this commitment, Qualtrics will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please let your Qualtrics contact/recruiter know.

Not finding a role that’s the right fit for now? Qualtrics Insiders is the one-stop shop for all things Qualtrics Life. Sign up for exclusive access to content created with you in mind and get the scoop on what we have going on at Qualtrics - upcoming events, behind the scenes stories from the team, interview tips, hot jobs, and more. No spam - we promise! You'll hear from us two times a month max with fresh, totally tailored info - so be sure to stay connected as you explore your best role and company fit.