Senior Software Security Engineer
New Jersey, NJ
- Assess current practices and identify and implement relevant policies to ensure state-of-the-art development practices as they relate to security
- Influence the selection of Software Security Assurance (SSA) program elements, including supporting tools.
- Integrate software security scanning and testing into software development, build and testing programs
- Conduct software security testing, including penetration testing, to confirm the results of design and code analysis, investigate software behavior, and verify that the software complies with security requirements
- Identify and categorize information to be contained in or used by software that helps determine risk and/or control solutions, including application security frameworks
- Bachelor's degree in a related field and/or a minimum of 7 years of equivalent experience.
- 5+ years of enterprise software development experience. Java programming skills, including knowledge of JSSE and other security features, are preferred. Experience with .NET/ASP/C# is also a plus.
- Development experience with strong Java programming skills including knowledge of JSSE and other security features.
- Experience performing software security architecture, design and requirements analysis for large-scale enterprise systems
- Solid understanding of a variety of software security practices, secure code reviews, vulnerability scanning methods, threat modeling, security requirements analysis and architectural risk analysis
- Expert knowledge in application vulnerability types, attack vectors and remediation approaches
- Expert understanding of the IP protocols and associated security mechanisms: TCP/IP, HTTP, SSL/TLS, PKI.
- Familiarity with well-known application security sources and standards such as OWASP, WASC, NIST and CVE
- Extensive applied knowledge of static and dynamic analysis tools and hacking tools
- Experience leading enterprise deployment of application security tools, services and controls
- Military education or experience may be considered in lieu of requirements above