Software Security Engineer - Deerfield (Great culture!)
Posted on Sep 9, 2019 by Responsive Search, Inc.
We are looking for an Application/Software Security Engineer for a growing client in the Deerfield area. This is a permanent, direct-hire position with salary plus benefits and bonus potential. Great culture, growing team, with strong benefits. If you enjoy a work-hard, play-hard environment, you will want to look at this organization!
- Conduct vulnerability assessments against web applications and APIs utilizing automated tooling and manual approaches.
- Help evolve the application security functions and services
- Work closely with various engineering teams to establish, implement and promote security standards to properly secure applications.
- Implement and automate static code analysis.
- Perform regular application vulnerability assessments and lead initiatives to resolve any security flaws.
- Automate security log collection and analysis wherever possible.
- Establish and promote secure coding practices and general security awareness across multiple development teams.
- Perform assessments and correlate vulnerability data, in order to quickly identify risks.
- Produce reports on patches, exploits, and vulnerabilities.
- Develop, schedule, and execute automated security audits on infrastructure using industry standard security frameworks and tooling.
- Recommend and track the application of fixes, security patches, and security updates.
- 2-4 years professional experience in Software Security.
- Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security.
- Knowledge to perform manual application source code security reviews for applications as well as some penetration testing
- Some knowledge of Cloud environments like Azure, AWS and Google preferred
- Any experience with Vulnerability Management a PLUS
- Knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security.
- Some knowledge of security tools such as intrusion detection systems, vulnerability scanners like Nessus, traffic analysis tools and packet sniffers like Wireshark, log collection and analysis like the ELK stack.
- Knowledge of industry security standards, principles, techniques and technologies (OWASP Top 10, ISO27001, NIST etc.)
- Familiarity with patching processes and related technologies (e.g., SCCM, Ivanti DSM, Patch Manager, Kaseya, Jamf Pro, ManageEngine Desktop Central, and Kenna).
- Knowledge of and expertise with at least one of the following industry-standard vulnerability management tools: Nessus, Qualys, Nmap, Rapid7 Nexpose, Metasploit, Burp Suite, Fortify, or HP WebInspect. Preferably Nessus.
- Knowledge of metrics and trending for vulnerability management functions a PLUS