Application Security Architect
Posted on Dec 11, 2018 by Mimecast Services Limited
Job Location(s) US-MA-Lexington
Position Type Permanent - Full Time
More information about this job:
Due to ongoing success and demand, Mimecast continues to scale operations globally. We are looking for a seasoned Principal Security Engineer to join our high performing Software Engineering division responsible for building high-performance, massively-scalable, always-available Cloud-based systems.
The Principal Security Engineer will need architectural and technical skills in Application Security at the highest level, and will be responsible for owning the Application Security strategy for the company.
The high-level responsibilities are:
- Developing the strategy for application security and working alongside our engineering teams to ensure that solutions are aligned to the objectives of this strategy.
- Identifying security gaps in existing and new product designs and implementations.
- Assessing existing products to evaluate their security maturity levels, categorizing and prioritizing risks.
- Providing recommendations in design and implementation of software security concepts and specifics across a wide range of application security issues and design security architecture elements to mitigate threats.
This role requires a candidate with exceptional technical skills and hands-on application security experience to perform the following duties:
- Using static analysis tools for vulnerability discovery in source code.
- Manual source code security reviews.
- Dynamic API Security Testing and Fuzzing.
- Automating Security Tasks such as Analysis and Reporting.
- Threat analysis/modelling.
- Penetration testing of our various environments.
In addition to security testing and tool development, you will be involved, with varying emphasis, in a fair few of the company-wide security lifecycle programs being pioneered by the security team.
Essential Skills and Experience:
- Proven ability to program or script in a variety of programming/scripting languages is essential.
- A good knowledge of Java will be necessary, especially because of tasks related to code reviews of (primarily) Java based code for security risks.
- Good knowledge of Linux administration and tools (familiarity with Windows is also useful but not essential).
- An understanding of penetration testing, especially in an enterprise environment, will be beneficial. This will include the ability to use automated pen-testing tools as well as the ability to carry out manual pen-testing.
- Excellent team-working skills, the ability to learn new technologies, and a "can do, let's get it done" attitude are crucial.
- A talent for finding security flaws, and a detailed understanding of the well-known and more bleeding-edge attack vectors available.
- Ability to design and execute automated penetration testing modules to detect vulnerabilities during build time, coming up with innovative ways to integrate security into the SDLC.
- Forensics experience.
- Experience working in an ISO 27001 environment.
- Familiarity with SOC2 processes and audits.
- Experience security testing and hardening mobile applications is very desirable.
- A good working knowledge of tools like Coverity, SonarQube, Seeker, Fortify, Snort, Defensics etc.
- Experience working in a large-scale SaaS environment.
- Preferably a degree in computing with a strong security element.
We offer a highly competitive rewards and benefits package including private healthcare, dental and life coverage. Mimecast is an entrepreneurial and high-growth company which will provide the right candidate with a wealth of career development opportunities. All Mimecasters strive to be high performers, problem solvers, and team players with passion and integrity.
An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.