• Product Security Incident Response Specialist

    Job Locations US-NC-Cary
    Requisition ID
    Research and Development
    Visa Sponsorship
    Travel Requirements
  • Overview

    As part of our ongoing commitment to software security, SAS is hiring best-in-class talent to assist with the continuing development of powerful and secure analytic software.


    This is a rare opportunity to join a team working directly with various departments while also interfacing with some of the world’s most advanced organizations.  

    This position is for a Product Security Incident Response (PSIRT) Specialist with industry experience to manage and maintain our PSIRT program. As the PSIRT specialist you will be responsible for the investigation and reporting of product security incidents for all SAS product lines.


    You will lead the security incident research and remediation process, coordinating across Marketing, Communications, Technical Support, Product Development, Security, Information Technology, Legal, and other appropriate business units. The Product Security Incident Response Specialist is responsible for working product security incidents to full resolution, from incident identification through incident resolution.


    Primary Responsibilities:

    • Lead security incidents according to the Product Security Incident Response Policy
    • Work with engineering teams to provide in-depth technical analysis of security issues
    • Triage code-defect-based issues and quantitatively evaluate risk using industry-standard metrics such as the Common Vulnerability Scoring System (CVSS)
    • Coordinate PSIRT efforts across multiple business units during response
    • Assist and support task forces regarding product security incidents
    • Validate and maintain the incident response plan and processes used to address potential threats
    • Analyze potential impact of new threats and exploits and communicate risks to relevant business units
    • Compile and analyze data for management reporting and metrics
    • Create accurate, effective and timely communications for internal and external customers, stakeholders, and decision makers
    • Work with customer-facing and internal teams to continually improve processes used to identify and fix product security issues
    • Consult with R&D teams to ensure that security benchmarks, guidelines, and processes are adopted and implemented
    • Assess current practices and work with the security team to implement relevant changes to ensure the maturation of the R&D software security program
    • Foster a culture of security consciousness across the R&D organization

    Essential Qualifications:

    • Bachelor’s Degree in Computer Science, MIS or security-related field
    • Experience in the area of software security in an incident response role
    • Experience with security architecture and design in large software systems
    • Experience with one or more major software development environments in use at SAS: C, Java, web applications
    • Experience with web-based and cloud-native architectures


    • In-depth knowledge of system and application vulnerabilities
    • Knowledge of security architecture concepts and industry standards, including topology, protocols, components, and principles
    • Ability to keep abreast of the latest threats, attack techniques and mitigation strategies
    • Familiarity with Agile software development practices
    • Strong communication skills


    • Security-related certifications such as CSSLP, CISSP, or other relevant
    • Experience with BSIMM
    • Experience with threat modeling, penetration testing and security tools 

    SAS looks not only for the right skills, but also for a cultural fit. We seek colleagues who will contribute to the unique culture that makes SAS such a great place to work. We look for the total candidate: technical skills, culture fit, relationship skills, problem solvers, good communicators and, of course, innovators. Candidates must be ready to make an impact.


    Additional Information:

    Equivalent combination of education, training and experience may be considered in place of the above qualifications. To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law. The level of this position will be determined based on the applicant's education, skills and experience. Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

