
Security Engineer/Pen Tester

Negotiable
Full-time
Interview: Phone and Skype

Description:


The Senior Software Security Engineer will work within software engineering organizations to translate and define security requirements, use and mature practices for building secure applications; and suggest and support remediation activities for identified vulnerabilities. This position requires interest and expertise in defining and executing on a software engineering security practice; strong proven software development skills; expertise with major software infrastructures (J2EE, .NET, Oracle) and architectures (Web, SOA); an ability to build rapport and credibility with management and software development teams; and the ability to document and communicate the results of code reviews and penetration tests. Successful candidates must be action-oriented self-starters, capable of solving complex technical problems both independently and in a team environment. Candidates must also be able to communicate clearly and effectively to both technical and executive level audiences, both verbally and in written form.

Responsibilities
•Defines security related programming standards, use of APIs that support secure coding, code review, use of automated scanning tools, and penetration testing.
•Works with software engineering teams and Enterprise Architecture (EA) to build out formal product security plans that put in place controls to build security in during the software development life cycle.
•Stays current with emerging software security technologies, trends, and attack vectors, with a primary focus on internal reference architectures and security standards.
•Performs/participates in architectural reviews that are meant to identify and remedy architectural security flaws.
•Responsible for the use of security-related code analysis tools and takes the lead on tuning, enhancements, upgrades, and tool integration.
•Develops threat models in conjunction with architects and software engineering staff.
•Oversees the development of misuse/abuse cases in conjunction with requirements analysts.
•Works with the Information Security Office on incident response and operational/strategic initiatives.
•Provides thorough documentation regarding the processes and technologies that support secure software development practices
•Work with IT Groups to define, develop, socialize and execute long-term software security roadmap, including:
•Act as a liaison between software engineers and the Information Security Office.
•Work with product teams to understand security requirements for software applications.
•Participate in projects with software engineers and provide security oversight, constructive expertise and guidance to implement appropriate security controls that address business needs.
•Scope the marketplace for application security related tools, conduct tool analysis and provide recommendations.
•Consult with software engineers and the Software Engineering groups to further their understanding of security principles and tools.
•Conduct and coordinate in-house vulnerability assessments and code-reviews on software products.
•Consult on technical security issues/incidents as needed.
•Conduct risk assessment planning sessions and results read-outs.
•Initiate and conduct manual/automated code reviews (via risk assessments).
•Work with the Security Program and 3rd party software/shared services
•Define and modify security touch points currently in the Product Software Security Plan (PSSP) and eventually in the broader Software Development Lifecycle (SDLC).
•Provide security requirements to requirements analysts as input to the requirements process. Define abuse cases, threat modeling and architectural risk analysis.
•Periodically analyze the effectiveness of the Software Security Program and provide recommendations, as necessary, on process improvement.
•Participate in maintaining the security API used by applications.
•Help review static analysis tool findings with product teams and other IT stakeholders; lead manual code inspections; identify secure coding practices.
•Identify and add custom rules based on security bugs found via static analysis, testing, and/or security response incidents.
•Review dynamic analysis tool findings and identify sources of problems with product teams and other IT stakeholders.
•Consult with Development, Operations, Business Owners and the Information Security Office on technical security issues.
•Facilitate trade-offs between security, operability, usability, and feature-set
•Provide risk assessments and recommendations to management.
•Conduct security assessments on applications, and provide purchase recommendations to management.
•Define impact to project schedule/budget to comply with Software Security Program directives.
•Strategically align high level business requirements and security strategies with pros/cons analysis for business to manage risk.
•Continuously improve IT security processes in line with SDLC and review/audit processes to assure compliance with regulatory and industry security standards

Qualifications

Education/Experience

Bachelor's Degree in a related field plus additional related college courses or professional training. Four to seven years of progressively responsible directly-related experience.

Related Skills & Other Requirements:


•Must have strong knowledge in one or more of the following: HTML, JavaScript, DOM, AJAX, CSS/CSS2, XML, XHTML, DHTML, etc.
•Must have adequate knowledge of J2EE and/or .NET technologies.
•Experience writing automated unit tests.
•Experience in performing code reviews.
•Strong interest in IT Security with a passion to solve problems.
•Knowledge of TCP/IP, HTTP/S and other protocols.
•Knowledge of cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors a plus.
•Knowledge of OWASP Web Security Certification Criteria, OWASP testing guidelines and PCI Data Security Standards is a plus.
•Experience with one or more of the following tools is a plus: nmap, Nessus, Metasploit, TCPDump, Burp Suite, ZAProxy.
•Experience with IBM AppScan Source Edition, IBM AppScan Standard, and/or Client Fortify is a plus.
•Experience with the following source code repositories is a plus: SVN, GIT, IBM ClearCase
•Any knowledge of one or more of the following is a plus -- Python, Ruby, PHP or other scripting languages.
•Reverse engineering experience is a plus.
•Protocol analysis and forensic analysis experience is a plus.
•Experience installing, configuring and maintaining continuous integration (CI) environment(s) using tools such as Cruise Control, Cruise Control.NET, Hudson, Jenkins, Bamboo, Gauntlet, in a test driven development (TDD) process is a plus.
•Experience with one or more of the following static analysis tools is a plus: FindBugs, FxCop, and PMD.
•Additional certifications such as CISSP, CSSLP, CEH, ENCE, CCE, GCFA, GCIA, GCIH, CHFI and/or QSA are highly desired.

Last updated on Sep 16, 2016
