Security Engineer

Skills

Description

Looking for a Principal / Senior Principal Engineer of Product Security, to join clients global, shared cyber services group. This person is expected to work alongside the broader cyber team, partner with business unit technology teams, and review all products to ensure their protection. The ideal candidate has the experience to recognize risk, design preventive or detective controls and automate security tools.

Responsibilities

• Help build, maintain and execute a strategy to secure their customer-facing products
• Perform security reviews and code reviews of their products
• Oversee their Agile-SDL process ensuring security throughout all phases of the SDL
• Partner with the business to understand the needs and demands of the clients, partners and the marketplace and develop security standards and policies to ensure products are built to meet those needs
• Support product engineering teams to address security issues and ensure sound trade-offs
• Develop and maintain product security dashboards ensuring executive and other non-technical stakeholder audiences have real time visibility to the security of each product
• Serve as the security SME for product engineering teams
• Support product engineering teams in developing threat models for new and updated products
• Work alongside technical architects to develop and maintain secure architectural patterns
• Contribute user stories to address security requirements and work with product engineering teams and stakeholders to prioritize them
• Work with software engineers to design preventative and/or detective controls for specific security issues
• Work with engineering teams to build and socialize re-usable security components
• Socialize automated security tools and guide product engineering teams to integrate these within their CI/CD workflows and test environments
• Work with members of security intelligence and response team to integrate security monitoring of products and build use cases
• Work with members of security engineering team to develop, evangelize security solutions that solve security challenges that engineering teams face

Educational Requirements

• Bachelor's degree in Computer Science, Software Engineering or equivalent experience
• 5-10+ years of software development with at least 5 -8+ years in developing secure systems
• Experience in one or more of the following modern languages/frameworks - HTML5,.net, node.js, JavaScript, PHP, Python, Java
• Script (Python, JavaScript, ReactJS, Java) and build automation tools on an ad-hoc basis
• Ability to write Lambda functions (in Python)
• Proficiency in version control tools like Git.
• Familiarity with JIRA
• Understand code developed in JS, Node, .NET, Python, PHP, Scala, C/C+, and Ruby
• Hands-on with AWS and build/deploy/run Python applications in the cloud. Ability to write Lambda functions.
• Strong understanding of public application security projects such as OWASP, BSIMM
• Familiarity with Checkmarx, Synk, BURP etc.
• Expert knowledge of application security attacks
• A strong understanding of modern development processes including agile development
• Experience in Threat Models and performing Secure Design Reviews.
• Solid understanding of application security topics such as authn, authz, encryption, session management, federation, OAuth/OIDC
• Extensive experience with application security tools like code scanners and dynamic analysis tools
• Experience with application design & architecture using modern design patterns
• Experience with cloud security, particularly for AWS, Azure.
• Experience with integrating security into a DevOps culture
• Ability to communicate complicated technical issues and risks to engineers, project managers and product managers.