Senior Security Engineer

Responsibilities:

• Secure the SDLC and automate security analysis and scanning with SAST, DAST, SCA and other tooling.
• Perform and Support Manual Penetration Testing
• Responsible for providing technical expertise on secure software development and support of all associated activities, processes, and tools for protecting technology-based information.
• Reviews, develops, tests, and implements security plans, products, and control techniques.
• Maintains awareness of security and technology trends and shares that knowledge with others.
• Mentor security champions in relevant development and IT functions
• Documents security policies and procedures where/when needed.
• Provides implementation support for risk assessment and data security procedures and products.
• Evaluates new and proposed security systems, products, and technologies.
• Reviews circumstances surrounding data security incidents and designs corrective actions.
• Contribute to security coding guidelines for different programming languages.
• Development experience and skills. C#, .Net, Java, Python, JavaScript, Node JS etc...
• Proven capabilities in the analysis, design, development, and implementation using .NET Core, Web API, ASP.Net MVC, WCF, WinForms, WPF, SQL Server, Azure, AWS, etc.
• Strong understanding and working experience with Identifying and guiding application teams in remediating OWASP Top 10 Vulnerabilities and SANS Top 25
• Lead application security reviews and threat modeling, including code review and dynamic testing.
• Implementing software application security controls and designing technical solutions to address security weaknesses
• A good understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols)
• Lead in development of automated security testing to validate that secure coding best practices are being used.
• Strong understanding and experience with common security libraries, security controls, and common security flaws.
• Proactively identify and mitigate against application security risks or incidents.
• Raise awareness of application security requirements through development and review of application security standards, policies, and processes
• Ability to document and effectively communicate technical findings to developer teams and evangelize security practices.

Skills, Knowledge, and Experience:

• Bachelor s degree in computer science engineering or related.
• 5+ years of IT experience.
• Experience with at least one Static Application Security Testing (SAST/DAST) tool (e.g., CheckMarx, HP Fortify SCA, Coverity, Veracode, FindBugs, other), its use, reports results interpretation, developer community support in remediating verified code-associated security vulnerabilities. Product configuration & tuning experience a plus
• Professional experience with software application security, and its associated standards and practices
• Ability to perform Manual Penetration Testing using industry standard tools and technique.
• Experience with the results interpretation of Dynamic Application Security Testing (DAST) reports
• Experience with variety of assessment tools (e.g., BURP, Nessus, Qualys, SQLMap)
• Professional experience as a software application developer in a leading development language (e.g., C#, Java, .NET, C/C++ etc...), having performed web-based application development.
• Professional experience with securing web applications (e.g., understanding attack vectors, system or code vulnerabilities)
• Knowledge and understanding of secure SDLC (System Development Life Cycle) methodologies.
• Excellent verbal and written communication skills
• Experience in drafting application security coding standards.
• Ability to manage highly complex issues and negotiate solutions.
• Knowledge and understanding of Application security threat management and mitigation.
• Application security experience with banking/financial services applications.
• Certified in Industry renowned certifications like CEH and/or similar certifications.