Senior Software Security Engineer
Jersey City, NJ
" Perform static and dynamic application security tests and penetration tests.
" Work with application development groups to understand different types of vulnerabilities, attack vectors and remediation approaches for web, mobile applications and APIs.
" Help integration software security tools and practices with agile SDLC and devops.
" Help application teams build applications which is secure by providing security requirements and security patterns, re-usable code, etc.
" Perform software security design and/or code reviews.
" Assess the security risks associated with software applications.
" Manage WAF rules and create custom policies when needed.
" Bachelor's degree in a related field and/or a minimum of 5 years of equivalent experience.
" 5+ years of experience as an engineer for a Software Security Assurance or Software Development team
" Expert knowledge of application vulnerability types, attack vectors and remediation approaches
" Ability to perform security code reviews and provide remediation guidance in Java web applications and micro-services.
" Expert understanding of the IP protocols and associated security mechanisms: TCP/IP, HTTP, SSL/TLS, PKI.
" Proficiency with dynamic and static application penetration testing and vulnerability scanning tools such as Fortify, Burp Suite Pro, etc
" Knowledgeable of industry best practices for secure software development as well as web and mobile application security.
" Familiarity with encryption and hashing techniques, authentication and authorization and other security mechanisms
" Experience with either WAF/RASP and/or Threat Modeling a plus.