The Sr. Security Development Engineer will be a part of the Cybersecurity Team focused on general application and infrastructure security, DevSecOps principles, code quality, vulnerability management, penetration testing, and security operations. The Cybersecurity Team works with closely with product delivery teams to ensure technology security and vulnerabilities are addressed and remediated throughout the system/software development life cycle (SDLC). As a senior member of the team, your focus will be building and maintaining relationships with different business units, influencing and injecting secure ideas into the roadmap, promoting best security practices, solving world-class security challenges, and pushing your engineering knowledge and expertise while continuously penetration testing our compute ecosystem.
Essential Job Functions:
- Integrate and maintain a continuous static and dynamic analysis process into the product development life cycle.
- Integrate and maintain a continuous penetration testing solution that is tuned to the specific needs of the product.
- Assess current attack vectors and how they might be exploited in our code base and infrastructure.
- Collaborate with product delivery teams to produce business value and functionality.
- Collaborate with product delivery team to help design secure application/system architecture and deployment best practices in on-premises and Cloud-based services.
- Partner with Core Computing and Security teams to review and assess production traffic and its impact.
- Write functional tests that prove that attack vectors are not successful.
- Review code for possible flaws and develop intrusion detection algorithms on-network and in-application.
- Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
- Create comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.
- Configure and troubleshoot security infrastructure devices.
- Prepare and document standard operating procedures and protocols.
- Implement and monitor security measures for the protection of computer systems, networks, and information.
- Knowledge with C#, .Net, and Python software
- Detailed technical knowledge of database and operating system security with a minimum of four years working with Windows and Linux technologies.
- Knowledge with web-related technologies (Web applications, Web Services, Service-Oriented Architectures) and of network/web related protocols.
- Thorough understanding of the latest security principles, techniques, and protocols.
- Knowledge of Public Cloud security principles and best practices.
- Static application security testing (SAST) tools such as Checkmarx
- Dynamic application security testing (DAST) tools such as AppScan
- Continuous integration and continuous delivery (CI/CD) tools such as Bamboo, Jenkins, Azure DevOps, Octopus Deploy, etc.
- Excellent organizational knowledge to understand the business needs and commitment to delivering high-quality, prompt, and efficient service to the business.
- Excellent problem-solving skills in order to react quickly, decisively, and efficiently in high-stress, high-impact situations.
- Excellent communication skills to effectively communicate technical and transactional data.
- Excellent attention to detail in order to mine and monitor through large amounts of data to identify and investigate security breaches.
- Ability to present and communicate complicated technical information to multi-dimensional audiences.
- Ability to utilize cutting edge technologies and champion automated quality processes.
- Ability to work under stressful situations and adapt to changing work demands.
- Ability to work collaboratively as well as independently, with minimal supervision while delivering quality results.
- Ability to work in an Agile/Scrum work environment.
- Ability and self-motivation to accomplish deliverables with minimal supervision and direction. Ability to work a flexible schedule including non-traditional hours and during holiday seasons as required.
Education/ Training/ Experience
- Bachelor’s degree in Computer Science, Information Security, IT, or related field (equivalent work experience will be considered)
- Minimum of 4-8 years of experience in secure code development, Offensive Security Certified Professional (OSCP), Global Information Assurance Certification (GIAC), and/or Certified Information Systems Security Professional (CISSP), and/or Offensive Security Certified Expert (OSCE)