Vacancy expired!
JOB RESPONSIBILITIES:
- Help implement Secure Software Development Lifecycle (SSDLC) practices and use automation where possible.- Work closely with the product development engineers to perform security design and code review by suggesting flow improvements, anti-tamper protection when needed for security modules, and help with integration of vulnerability assessment tools.- Provide security guidance to Engineering and Product teams on overall product architecture and its ecosystem.- Build Threat Models, conduct Risk Assessments for new features or services and provide guidance on effective countermeasures.- Contribute to security architecture and assist in building and rolling out processes for secure code development and deployment involving truly cutting edge technology.- Provide subject matter expertise on Encryption, Security Controls, and Secure Design and programming practices across the Technology organization.- Contribute to Security Policy, Standards, and Guidelines related to Information Security.- Evaluate and operationalize new technologies for securing the organization.- Train and mentor Security Champions throughout the development.- Share thought leadership in the product and application security space.- Create security User Stories and security Test Cases for products that are tailored to the product attributes and technology.- Support and advise product owner and product development teams by ensuring technical and architectural feasibility, readiness and compliance.MUST HAVE SKILLS (Most Important):- 7+ years of relevant software development experience.- Minimum 5 years of demonstrable experience with performing security requirements analyses to secure the deployment of large globally distributed cloud-based platforms, building threat models, doing design reviews and documenting relevant mitigation techniques, implementing security best practices, applying security design patterns, implementing common security algorithms and protocols.- Solid grasp of Cryptographic Algorithms (PKI), authentication protocols, and transport layer security, OID, OAuth, SAML.- Hands-on experience with software development projects using iOS/Android platforms.- Experience with Obfuscation techniques,, Reverse Engineering and Tamper Resistant software development.- Familiar with Embedded Linux, System-On-a-Chip (SoC) infrastructure (tools, libraries, and open source development), secure software best practices for embedded systems.- Good understanding of Cloud Services, like Client Web Services including VPC, IAM, KMS - Security groups, SCPs, ELB, Guard Duty and S3 storage.- Experience with Management Services such as CloudWatch, Lambda and AWS Config and vulnerability scanning tools.- Programming skills in C/C, Java, Scala, Python or other languages and the ability to solve complex operational issues.- In-depth understanding of Secure Software Development Life Cycle in a continuous integration and deployment environment.An excellent communication, organizational, and experience translating business goals into technical security deliverables- Understanding of various types of Exploits, Threat Modeling, and Attack surfaces.- Bachelors degree in Computer Science or equivalent engineering experience.DESIRED SKILLS:- Knowledge and hands on skills with Docker, ECS, Kubernetes infrastructure security in a Hybrid environment and Container Networking concepts.- Experience with Web application infrastructure as well as UNIX-based operating systems, with a focus on security aspects of application and operating system platforms.- Experience with Third party ecosystem tools for compliance and security such as Auto-Remediation/ Compliance (Cloud Custodian), PRISMA, Dome 9, TrendMicro, and Container Security Tools.- Familiar with Network Security and host based IDS/IPS.- Experience with performing Security Testing and Penetration Testing techniques.- Experience with Content Security technologies like DRM/Conditional Access is ideal.- Understanding of Trusted Execution Environment and Secure Boot Process.- Experience with IT Security Frameworks such as NIST, ISO27001, PCI, DSS, FedRAMP.- One of more of the following certifications:, AWS Certified Solutions Architect professional, AWS Certified Security Specialty, CSA Certificate of Cloud Security Knowledge (CCSK), ISC2 Certified Cloud Security Professional (CCSP), CISSP.EDUCATION/CERTIFICATIONS:- Bachelors degree in Computer Science or equivalent engineering experience (as a minimum).- Masters degree in Computer Science or equivalent engineering experience (preferred).Vacancy expired!