The software security engineer works with our software team to develop and maintain our software products' security strategy in compliance with industry best practices.
- Works with security vendors to improve our software products' security posture to reduce risk, and performs research to detect new attack vectors.
- Continually reviews and understands new industry security threats and associated technologies.
- Works with the software team to ensure solutions are not only secure by design, but also throughout execution and evolution, with a focus on corporate goals, strategy, process interdependencies, etc.
- Participates in architecture design discussions for upcoming feature enhancements and new products/services, ensuring security best practices are followed in each phase of development and ensuring risks are understood and mitigated in the design choices.
- Works with customers to understand their security vendor assessments and intersection points with our software products' security strategy.
- Performs risk assessments and assists with developing remediation strategies.
- Performs penetration testing, code reviews, and design/architecture reviews.
- Identifies and remediates weaknesses in our processes and procedures.
- Ensures solutions remain secure on an ongoing basis, whether via code scan techniques, penetration testing, or other means, as available.
- Creates and executes training exercises to advance developers’ security knowledge.
- Performs other tasks and works with other departments as directed by supervisor.
Knowledge, Skills, and Abilities:
- Familiar with standard concepts, practices, and procedures of secure code development.
- Software development experience with modern enterprise software development frameworks (.NET, Java, etc.).
- OSCP, OSCE, OSWE, CCSP, MCSD certifications are a major plus.
- Experience with code reviews and penetration testing.
- Understands the principle of least privilege and the confidentiality, integrity, and availability triad, and will work to enforce those concepts in our environment.
- Familiarity and experience with AWS, Azure, GCP and other cloud providers.
- Demonstrated experience evaluating code for vulnerabilities and weaknesses.
- Solid understanding of OSI model, TCP/IP, HTTP and TLS.
- Experience with secure coding practices and automating security checks in pipelines.
The software security engineer does not have any supervisory responsibilities.
- Requires a degree with a focus in Information Technology.
- 4+ years of experience in a software development field such as software developer/architect, software QA, or app security engineer.
- Adjustments to requirements may be made for those with comparable experience.