Celestica logo

Software Product Security Engineer

Celestica

Posted 1 day ago

About this role

Full Time Senior Software Product Security Engineer in healthcare at Celestica in Monterrey, NLE, MX. Apply directly through the link below.

At a glance

Work mode
Office
Employment
Full Time
Location
Monterrey, NLE, MX
Experience
Senior · 6+ years
Education
Bachelor's degree

Core stack

  • Infrastructure
  • Supply Chain
  • JavaScript
  • Kubernetes
  • GitLab CI
  • NET Core
  • Incident
  • Security
  • Jenkins
  • Docker
  • Design
  • Remote
  • Azure
  • CI/CD
  • OWASP
  • SQL
  • AWS
  • GCP

Quick answers

  • What are the qualifications?

    Bachelor Degree or consideration of an equivalent combination of education and experience.

  • What skills are required?

    Infrastructure, Supply Chain, JavaScript, Kubernetes, GitLab CI, NET Core, Incident, Security, Jenkins, Docker, and more.

Celestica is hiring for this role. Visit career page

Monterrey, Mexico

Req ID: 133574 
Remote Position: No
Region: Americas 
Country: Mexico 
State/Province: Nuevo Leon 
City:  Monterrey 

General Overview

Functional Area:  Information Technology (ITM)
Career Stream:  IT Solutions (SOLN)
Role:  Specialist (SPE)
Job Title: Specialist, IT Solutions 
Job Code:  SPE-ITM-SOLN
Job Level:  Band 8
Direct/Indirect Indicator:  Indirect

Summary

A Software Product Security role (often called Product Security Engineer or ProdSec) is the bridge between traditional cybersecurity and software engineering. Unlike IT security, which focuses on protecting the company's internal network, Product Security focuses on ensuring the software the company sells or provides is resilient against attacks.

Detailed Description

The Product Security Engineer works directly with DevOps and Engineering teams to bake security into the Software Development Life Cycle (SDLC). The goal is to move security "left"—finding and fixing vulnerabilities during the design and coding phases rather than after the product has launched.

Knowledge/Skills/Competencies

    • Secure Design & Threat Modeling: Reviewing new features before a single line of code is written. You’ll identify potential attack vectors and suggest mitigations.

    • Vulnerability Management: Triaging bugs found via automated scanners, internal audits, or Bug Bounty programs.

    • Security Tooling: Implementing and managing tools like SAST (Static Analysis), DAST (Dynamic Analysis), and SCA (Software Composition Analysis) to catch insecure dependencies.

    • Code Reviews: Performing manual "deep dives" into critical codebases to spot logic flaws that automated tools might miss.

    • Incident Response: Acting as a subject matter expert when a security flaw is exploited in production.

    • Internal Red Teaming: Lead activities to find ways to bypass the logic to alter "Recipe" files or production data.

    Developer Training: Creating "Security Champions" programs to teach engineers how to write defensive code.

Physical Demands

  • Languages

    Proficiency in at least one "product" language (C# (.Net core) , JavaScript, SQL).

    Knowledge

    Deep understanding of the OWASP Top 10 (SQLi, XSS, CSRF) and cloud security (AWS/Azure/GCP).

    Tools

    Experience with Snyk, Checkmarx, Burp Suite, or GitHub Advanced Security.

    Infrastructure

    Familiarity with Docker, Kubernetes, and CI/CD pipelines (Jenkins, GitLab CI).

 

 

Typical Experience

  • 4 to 6 years; Experience in similar roles

Typical Education

  • Bachelor Degree or consideration of an equivalent combination of education and experience.

  • Educational Requirements may vary by Geography

Notes

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.

Celestica is an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on any protected status (including race, religion, national origin, gender, sexual orientation, age, marital status, veteran or disability status or other characteristics protected by law).
At Celestica we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. Special arrangements can be made for candidates who need it throughout the hiring process. Please indicate your needs and we will work with you to meet them.

 

COMPANY OVERVIEW:
Celestica (NYSE, TSX: CLS) enables the world’s best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.

 

Celestica would like to thank all applicants, however, only qualified applicants will be contacted.
Celestica does not accept unsolicited resumes from recruitment agencies or fee based recruitment services.
 

Job details

Workplace

Office

Location

Monterrey, NLE, MX

Job type

Full Time

Experience

Senior · 6+ years

Similar

Company

Website

Visit site

Twitter

@celestica_inc

Jobr Assistant extension

Get the extension →