It is our people behind life’s passions who will make the big difference. If you are interested in becoming part of a company that delivers market leading products, driving your own career and working with brands committed to active lifestyles, then you’ve found your fit.  

Have what it takes? Join us.

PLEASE NOTE: Brunswick will never ask you to pay any money to participate in the interview process and will not require that you provide sensitive information such as credit card or bank account information.  

We have recently become aware of certain efforts by cyber criminals who are publishing and promoting fake job listings on third party websites, such as Craigslist and Indeed, by pretending to be actual Brunswick employees.  To help ensure you don’t fall victim to any of those scams, never disclose sensitive information as mentioned above.  All job offers will come to you via the candidate portal you create when applying to a posted position through https://www.brunswick.com/careers.  Only after accepting an offer through this portal will you be asked for SSN and DOB.  If you are ever unsure or want to ask any questions, please contact the Brunswick HR Shared Service Center at 866-278-6942 or HRSharedServices@brunswick.com.

Brunswick’s Cybersecurity Team is looking to hire a Senior Application & Product Security Engineer to work closely with development teams, product managers (PM), external security firms, and third-party development groups to ensure that digital products produced by or for Brunswick are secure. The role of the Application & Product Security Engineer at Brunswick is to prevent potential attacks, secure sensitive information, and to increase customer and brand confidence.

The role reports to the Director, IT Risk and Compliance, and sits within the Department of the Chief Information Security Officer (CISO).  The role is remote and some travel is required to meet with Product Engineering Teams at Brunswick locations throughout the United States.

Responsibilities

• Participate in and support application security reviews and threat modeling, including code review and dynamic testing.
• Own and perform application security vulnerability management.
  • Enroll new applications in contracted scanning platform
  • Coordinate automation opportunities with Cloud Engineering
  • Ensure quarterly scans of digital products and experiences are performed as per policy
  • Gather quarterly metrics
  • Lead weekly call with external scanning partner
  • Support Quarterly Program Reviews
  • Manage relationship with Cloud Engineering to ensure automation
• Manage remediation and mitigation of security vulnerabilities
  • Facilitate and support remediation work of development teams.
  • Ensure appropriate remediation timelines are being met.
  • Ongoing review and assessment of scan results
  • Coordination with application teams to plan 3rd party library code upgrades
• Support and consult with product and development teams in the area of application security.
  • Lead quarterly Office Hours
• Coordinate external application testing engagements with external security firm(s)
• Work with product design engineering teams designing customer-facing product solutions to ensure that product security configurations and connectivity are secure
• Manage relationship with external researchers reporting application and product security vulnerabilities
• Serve as internal subject matter expert in the area of application security, providing guidance and support to Cybersecurity’s CIRT, Controls & Compliance, IT Risk teams
• Product Security Incident Response Team (PSIRT), a function of Product and Application Security. This role will support the day-to-day vulnerability response process, as well as efforts to implement best practice methods, processes, tools and drive continuous improvement initiatives aimed at unifying, simplifying, scaling and increasing the efficiency
•  Manage the end-to-end workflow for handling and responding to external vulnerability reports, working with Product and Application Security staff, engineering and support organizations Utilize defined tools and resources to monitor security vulnerabilities and proactively triage both internal and external vulnerability reports Publish and maintain security advisories and knowledge base articles across various Product and Applications
• Support implementation of best practice methods, processes, tools and continuous improvement initiatives aimed at scaling and increasing the efficiency of cross brand PSIRT processes
• Execute projects to a successful outcome; working with business leaders and process owners to realize the goals of projects Identify, escalate and ensure resolution of issues impacting successful execution of projects Manage against defined process timelines and requirements; and drive consistency and standardization of defined processes Present and communicate status to business stakeholders and functional management

Requirements

• Familiarity with common security libraries, security controls, and common security flaws.
• Basic development or scripting experience and skills.
• Experience with OWASP, static/dynamic analysis, and common security tools.
• A basic understanding of network and web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, protocols).
• Product vulnerability management
• Familiarity with cloud security controls and best practices.
• Experience working with developers.
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
• Experience, specifically in Security Operations, Product Security, Product Security Incident Response (PSIRT), Risk Management or Information Systems
•  Good understand of importance of security and its business impact
• Strong project management skills: planning, organizing, monitoring and reporting on project activities

We recognize that people come with a wealth of experience and talent beyond just the technical requirements of a job. If your experience is close to what you see listed here, please still consider applying. Diversity of experience and skills combined with passion is a key to innovation and inspiration. Therefore, we encourage people from all backgrounds to apply to our positions. Please let us know if you require accommodations during the interview process.

Equal Opportunity Employer: Minorities/Women/Protected Veterans/Disabled

EEO is The Law - click here for more information

Brunswick and Workday Privacy Policies

Brunswick does not accept applications, inquiries or solicitations from unapproved staffing agencies or vendors. For help, please contact our support team at: hrsharedservices@brunswick.com or 866-278-6942.

#Brunswick Corporation