Req ID: 133574
Remote Position: No
Region: Americas
Country: Mexico
State/Province: Nuevo Leon
City: Monterrey
Functional Area: Information Technology (ITM)
Career Stream: IT Solutions (SOLN)
Role: Specialist (SPE)
Job Title: Specialist, IT Solutions
Job Code: SPE-ITM-SOLN
Job Level: Band 8
Direct/Indirect Indicator: Indirect
A Software Product Security role (often called Product Security Engineer or ProdSec) is the bridge between traditional cybersecurity and software engineering. Unlike IT security, which focuses on protecting the company's internal network, Product Security focuses on ensuring the software the company sells or provides is resilient against attacks.
The Product Security Engineer works directly with DevOps and Engineering teams to bake security into the Software Development Life Cycle (SDLC) The goal is to move security "left"—finding and fixing vulnerabilities during the design and coding phases rather than after the product has launched.
Secure Design & Threat Modeling: Reviewing new features before a single line of code is written. You’ll identify potential attack vectors and suggest mitigations.
Vulnerability Management: Triaging bugs found via automated scanners, internal audits, or Bug Bounty programs.
Security Tooling: Implementing and managing tools like SAST (Static Analysis), DAST (Dynamic Analysis), and SCA (Software Composition Analysis) to catch insecure dependencies.
Code Reviews: Performing manual "deep dives" into critical codebases to spot logic flaws that automated tools might miss.
Incident Response: Acting as a subject matter expert when a security flaw is exploited in production.
Internal Red Teaming Lead activities to find ways to bypass the logic to alter "Recipe" files or production data.
Languages
Proficiency in at least one "product" language (C# (.Net core) , JavaScript, SQL).
Knowledge
Deep understanding of the OWASP Top 10 (SQLi, XSS, CSRF) and cloud security (AWS/Azure/GCP).
Tools
Experience with Snyk, Checkmarx, Burp Suite, or GitHub Advanced Security.
Infrastructure
Familiarity with Docker, Kubernetes, and CI/CD pipelines (Jenkins, GitLab CI).
Bachelor Degree or consideration of an equivalent combination of education and experience.
Educational Requirements may vary by Geography
This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.
Celestica is an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on any protected status (including race, religion, national origin, gender, sexual orientation, age, marital status, veteran or disability status or other characteristics protected by law).
At Celestica we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. Special arrangements can be made for candidates who need it throughout the hiring process. Please indicate your needs and we will work with you to meet them.
Celestica (NYSE, TSX: CLS) enables the world’s best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.
Celestica would like to thank all applicants, however, only qualified applicants will be contacted.
Celestica does not accept unsolicited resumes from recruitment agencies or fee based recruitment services.
Celestica enables the world's best brands. Through our unrivaled customer-centric approach, we partner with leading companies in aerospace and defense, communications, enterprise, healthtech, industrial, capital equipment, and smart energy to deliver solutions for their most complex challenges. A leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development - from the drawing board to full-scale production and after-market services. With talented teams across North America, Europe and Asia, we imagine, develop and deliver a better future with our customers.
We operate in more than 40 locations globally. Consult our website for detailed location information. https://www.celestica.com/about-us/locations
