Senior Product & Application Security Engineer

Remote, US
Location: Remote
We are currently seeking a Senior Product & Application Security Engineer to join a Global Security & Resiliency team.

Key Responsibilities
  • Research, design and support the implementation of application security solutions for the organization
  • Provide secure architecture guidance; determine and develop the approach to solutions for the business under limited direction
  • Document security standards, solutions, data flows, procedures, and other technical information as directed
  • Evaluate and apply mature technologies to meet current or emerging business needs
  • Articulate Security Analysis findings and provide remediation strategies
  • Create and/or review threat models for complex application architectures and identify attack surfaces using standard software engineering techniques such as dataflow diagrams, subject-object matrix, and sequence or interaction diagrams
  • Apply CVSS to prioritize design flaws and test targets for remediation and execution
  • Co-partner on processes, architecture, and tools for improving operational efficiency
  • Be passionate about security and cause inside-out transformation of security culture within any development team regardless of that team’s proficiency and prior security experience

Essential Requirements
  • Bachelor's degree in Computer Science with 8+ years of software development experience, or a Master's degree with 6+ years of experience
  • Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative and actionable manner
  • Work with application teams as required to facilitate resolution to challenging business problems/objectives in a secure way
  • Provide requirements and insight into SDL service strategy
  • Provide SDL support and training to SDL champions & development teams
  • Experience in:
    • Building end to end Secure Development practice
    • Secure code development and reviews
    • Threat Modelling (preferably to STRIDE methodology)
    • Working in an Agile/SCRUM/DevOps/DevSecOps environment
    • Containers and microservices such as Docker, Kubernetes, PCF (Pivotal Cloud Foundry), VMware Photon and others
    • Secure Cloud application development
  • Industry certifications: CISSP (preferred)