Are you passionate about cybersecurity compliance and software auditing? Are you interested in driving adoption of standards and practices to improve product security? If yes, we'd love to talk to you.

Our internal Quality Assurance function is looking for a detail-oriented and enthusiastic Senior Product Security QA Engineer to drive audit efforts within MathWorks to improve compliance to industry standards for product security. In this role, you will work with various stakeholders to improve internal security controls and compliance with product security practices through periodic internal auditing.

Responsibilities

• Develop and execute internal audit plans to periodically assess compliance to industry frameworks for product security, maintain internal audit reports, and track remediation.
• Enable management oversight through clear and effective periodic internal audit reporting to teams and senior stakeholders.
• Make practical recommendations to improve security practices and increase the strength of the overall control environment.
• Perform periodic reviews of application threat models, data security plans and vulnerability assessments to ensure compliance with security standards and processes.
• Work with Product Security Team to increase adoption of NIST Secure Software Development Framework and facilitate organizational adoption of security standards and best practices through cross-functional engagement.
• Ensure alignment of common security controls across a broad scope of compliance areas and reduce waste through reuse of applicable operational evidence to assess security of scoped systems.
• Work with cross-functional teams to ensure audit-readiness and drive external audits with certification authorities.

Minimum Qualifications

• A bachelor's degree and 6 years of professional work experience (or a master's degree and 3 years of professional work experience, or a PhD degree, or equivalent experience) is required.

Additional Qualifications

• Strong knowledge of software development processes, cloud-based infrastructure, cybersecurity, network security, risk management, application security, and third-party management.
• Experience with / understanding of SOC 2, ISO 27001/2, NIST SSDF, FedRAMP and/or other industry standard control frameworks to document and assess Product Security compliance.
• Demonstrated knowledge of IT audit methodologies and control frameworks of IT platforms, cyber security processes, systems, and controls.
• Exceptional communication skills including clear and concise writing, an engaging presentation style, and group facilitation.
• Strong teamwork skills with a demonstrated ability to collaborate across teams and roles.