Job Description Summary
The Senior Security Engineer is expected to have experience in multiple security domains and to develop scalable solutions for complex business problems. That includes concepts of TPM, Windows DPAPI, application security, and HTTPS.
- Consult with software development and DevOps teams on the design and architecture of secure systems. Collect, identify, and develop best practices for specific security-related problems.
- Train developers on the OWASP Top 10.
- Perform threat modelling exercises and facilitate technology security reviews including Secure SDLC testing requirements
- Identify, prioritize, and help implement security improvements that maximize security while keeping developers productive
- Serve as the go-to person for product security
- Integrate security in the DevOps culture. Design, prototype, support, and evaluate security-focused tools and services. Assist with triage of findings from security tools. Develop and refine rules and checks for security automation.
- Identify and understand inherent, systemic high-risk security issues that could lead to security incidents. Design, prototype, support, and validate scalable security solutions to eliminate systemic issues, including project leadership.
- Run SAST/DAST tools, code signing, and code obfuscation tools.
- Create processes to integrate security in the SDLC
For this role you will need a bachelor’s degree (master’s degree preferred) or equivalent experience in Computer Science or a related field, with 5+ years of experience in security engineering or a related field. You will need hands-on experience with PowerShell and Azure, Windows hardening (NIST, STIGs), and a good understanding of threats and threat vectors.
- Experience with .NET stack and other programming languages (such as C++, Python)
- Experience in several of the following areas:
  - Security design and threat modelling
  - Automation: prototyping new security tools, evaluating and validating existing security tools, and supporting and improving existing product security tools: SAST (ideally Fortify), DAST (e.g. ZAP), Nessus, etc.
  - Systemic security issues: identifying them, performing root cause analysis, and designing security solutions