Senior Software Security Engineer

New Jersey, NJ

Post Date: 10/07/2016 Job ID: 9135636 Industry: IT Perm
The Software Security Engineer reports to the Director Software Security to ensure the control and protection of software, improve the software development process, and minimize defects and vulnerabilities in software production.
Responsibilities:
  • Assess current practices and identify and implement relevant policies to ensure state-of-the-art development practices as they relate to security
  • Influence the selection of Software Security Assurance (SSA) program elements, including supporting tools
  • Integrate software security scanning and testing into software development, build and testing programs
  • Conduct software security testing, including penetration testing, to confirm the results of design and code analysis, investigate software behavior, and verify that the software complies with security requirements
  • Identify and categorize information to be contained in or used by software that helps determine risk and/or control solutions, including application security frameworks
Requirements:
  • Bachelor's degree in a related field and/or a minimum of 7 years of equivalent experience.
  • 5+ years of enterprise software development experience. Java programming skills, including knowledge of JSSE and other security features, are preferred. Experience with .NET/ASP/C# is also a plus.
  • Development experience with strong Java programming skills including knowledge of JSSE and other security features.
  • Experience performing software security architecture, design and requirements analysis for large-scale enterprise systems
  • Solid understanding of a variety of software security practices, secure code reviews, vulnerability scanning methods, threat modeling, security requirements analysis and architectural risk analysis
  • Expert knowledge in application vulnerability types, attack vectors and remediation approaches
  • Expert understanding of the IP protocols and associated security mechanisms: TCP/IP, HTTP, SSL/TLS, PKI.
  • Familiarity with well-known application security sources and standards such as OWASP, WASC, NIST and CVE
  • Extensive applied knowledge of static and dynamic analysis tools and hacking tools
  • Experience leading enterprise deployment of application security tools, services and controls
  • Military education or experience may be considered in lieu of requirements above

Dan Goldberg

