Security Engineer

Overview

Hybrid
Depends on Experience
Accepts corp to corp applications
Contract - Independent
Contract - W2
Contract - 30 Month(s)

Skills

cyber security principles
standards and control frameworks.
security assessments and control gap analyses to secure the deployment
OWASP Top 10 vulnerabilities and Cryptographic Algorithms: (PKI)
X.509 Public Key
Java
JavaScript
Python
Scala
C++/C
Swift

Job Details

Job Title: Security Engineer

Work Location: San Jose, CA (Hybrid Work Model 3 Days in a Week Onsite)

Duration: Long Term

Job Description:

Must Have Skills:

  • Strong knowledge of cyber security principles, standards and control frameworks.
  • Experience with performing security assessments and control gap analyses to secure the deployment of large globally distributed cloud-based and/or mobile-embedded platforms.
  • Experience with OWASP Top 10 vulnerabilities and Cryptographic Algorithms: (PKI), X.509 Public Key Certificates, authentication protocols, transport layer security, OID, OAuth, SAML.
  • Ability to communicate and resolve complex security or operational issues.
  • Engineering or development experience in programming languages such as Java, JavaScript, Python, Scala, C++/C, Swift, or other languages.

Desired Skills:

  • Master s degree in Computer Science or equivalent engineering experience.
  • Direct experience with implementing Security Services and tools in AWS such as Guard Duty, Macie, CloudTrail, CloudWatch, KMS, Compute (e.g., EC2, GCE).
  • Experience with storage technologies such as: S3,
  • Networking: VPC, IDS/IPS, WPA, firewalls, reverse proxies, Load Balancers, Security Groups/List.
  • Experience with configuration tools: AWS Config, AWS Inspector, SDK/CLI. Vulnerabilities tools: Prisma Cloud, CrowdStrike, etc.
  • Experience Container Security experience with Docker, ECS, Kubernetes.
  • Experience with configuration languages/IaaC: JSON, CloudFormation Terraform.
  • Experience with SDLC for mobile platforms including use of obfuscation techniques, Reverse Engineering and Tamper Resistant software development on Mobile Platform.
  • Understanding of various types of Exploits, Threat Modeling, and Attack surfaces.
  • One or more cyber security certifications: AWS Certified Solutions Architect (professional), AWS Certified Security (Specialty), CSA Certificate of Cloud Security Knowledge (CCSK), ISC2 Certified Cloud Security Professional (CCSP), CISSP, ethical hacker, etc.

Job Duties:

  • The Product Security Team ensures Security by design product engineering and architecture for Client s products. In this role as a Security Engineer, you will conduct security assessments for products and solutions developed by the Client s Consumer Group.
  • You will collaborate with various cross-functional teams and help to create, define, and implement security controls and tooling in conjunction with internal product development and partner teams.
  • Evaluate security postures and recommend improvement and risk reduction for Mobile Platforms (iOS/Android/TvOS/Fire TV), Web, and Embedded applications.
  • IoT Devices, Cloud services. Examples of activities build threat models, design reviews, document mitigation techniques, applying security design patterns, code reviews, etc.
  • Manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements.
  • Participate in deep architectural discussions to build confidence and ensure success when building new or migrating existing cloud infrastructures, applications, software, and services.
  • Support projects at various levels, from ground level up to fully evolved projects, be able to dive into existing environments or help with the security design and requirements of a new project by evaluating the end-to-end environment of different types of services (SaaS, IaaS, PaaS) and client platforms (mobile, web, embedded applications).
  • Continually evaluate new threats and attacks to identify the impact on business and help to develop and implement appropriate security controls.
  • Apply cryptographic primitives and protocols for authentication, authorization and data protection.
  • Recommend and manage transmission protection requirements for all environments (e.g., systems, applications, containers) such as VPC peering best practices, SSL certificate management, RSA key pairs, etc.
  • Implement security modules, tools, and code snippets when needed.
  • Develop architectural documentation, white papers and best practices for infrastructure, applications, data protection and IAM security
  • Train and coach engineering teams to integrate CI/CD pipeline tools, test plans and vulnerability assessment tools for Cloud and other platforms.

Thank you! Bharath RP, Ph: x 121

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.