Vacancy expired!
JOB RESPONSIBILITIES: - Help implement Secure Software Development Lifecycle (SSDLC) practices and use automation where possible. - Work closely with the product development engineers to perform security design and code review by suggesting flow improvements, anti-tamper protection when needed for security modules, and help with integration of vulnerability assessment tools. - Provide security guidance to Engineering and Product teams on overall product architecture and its ecosystem. - Build Threat Models, conduct Risk Assessments for new features or services and provide guidance on effective countermeasures. - Contribute to security architecture and assist in building and rolling out processes for secure code development and deployment involving truly cutting edge technology. - Provide subject matter expertise on Encryption, Security Controls, and Secure Design and programming practices across the Technology organization. - Contribute to Security Policy, Standards, and Guidelines related to Information Security. - Evaluate and operationalize new technologies for securing the organization. - Train and mentor Security Champions throughout the development. - Share thought leadership in the product and application security space. - Create security User Stories and security Test Cases for products that are tailored to the product attributes and technology. - Support and advise product owner and product development teams by ensuring technical and architectural feasibility, readiness and compliance. MUST HAVE SKILLS (Most Important): - 7+ years of relevant software development experience. - Minimum 5 years of demonstrable experience with performing security requirements analyses to secure the deployment of large globally distributed cloud-based platforms, building threat models, doing design reviews and documenting relevant mitigation techniques, implementing security best practices, applying security design patterns, implementing common security algorithms and protocols. - Solid grasp of Cryptographic Algorithms (PKI), authentication protocols, and transport layer security, OID, OAuth, SAML. - Hands-on experience with software development projects using iOS/Android platforms. - Experience with Obfuscation techniques,, Reverse Engineering and Tamper Resistant software development. - Familiar with Embedded Linux, System-On-a-Chip (SoC) infrastructure (tools, libraries, and open source development), secure software best practices for embedded systems. - Good understanding of Cloud Services, like Amazon Web Services including VPC, IAM, KMS - Security groups, SCPs, ELB, Guard Duty and S3 storage. - Experience with Management Services such as CloudWatch, Lambda and AWS Config and vulnerability scanning tools. - Programming skills in C/C, Java, Scala, Python or other languages and the ability to solve complex operational issues. - In-depth understanding of Secure Software Development Life Cycle in a continuous integration and deployment environment. An excellent communication, organizational, and experience translating business goals into technical security deliverables - Understanding of various types of Exploits, Threat Modeling, and Attack surfaces. - Bachelors degree in Computer Science or equivalent engineering experience. DESIRED SKILLS: - Knowledge and hands on skills with Docker, ECS, Kubernetes infrastructure security in a Hybrid environment and Container Networking concepts. - Experience with Web application infrastructure as well as UNIX-based operating systems, with a focus on security aspects of application and operating system platforms. - Experience with Third party ecosystem tools for compliance and security such as Auto-Remediation/ Compliance (Cloud Custodian), PRISMA, Dome 9, TrendMicro, and Container Security Tools. - Familiar with Network Security and host based IDS/IPS. - Experience with performing Security Testing and Penetration Testing techniques. - Experience with Content Security technologies like DRM/Conditional Access is ideal. - Understanding of Trusted Execution Environment and Secure Boot Process. - Experience with IT Security Frameworks such as NIST, ISO27001, PCI, DSS, FedRAMP. - One of more of the following certifications:, AWS Certified Solutions Architect - professional, AWS Certified Security - Specialty, CSA Certificate of Cloud Security Knowledge (CCSK), ISC2 Certified Cloud Security Professional (CCSP), CISSP. EDUCATION/CERTIFICATIONS: - Bachelors degree in Computer Science or equivalent engineering experience (as a minimum). - Masters degree in Computer Science or equivalent engineering experience (preferred). #LI-KB1
Vacancy expired!