Senior Security Engineer

OWASP Top-10, Threat Modeling
Contract Corp-To-Corp, Contract Independent, Contract W2, 2 years
Work from home not available Travel not required

Job Description

Position: Senior Security Engineer

Location: Rockville, MD

Duration: Long Term

Description: Senior Security Engineer

Under limited supervision, the Senior Security Engineer assists engineering teams to identify and satisfy security requirements in their software throughout the software development lifecycle. They are responsible for equipping teams with the skills and tools required to perform threat modeling and identify/defend against common OWASP Top-10 vulnerabilities. This is accomplished via embedding engineering engagements wherein the security engineer participates in team SDLC activities and pairs up with developers and testers over multiple sprints.

Responsibilities

  • Embed into a sprint team as a Security SME and pair up with the developers/testers to:
    • Identify and prioritize security requirements deficiencies via threat modeling
    • Design practical strategies to fully satisfy or partially compensate the associated risks of the identified threats
    • Effectively test that security requirements have been satisfied and security vulnerabilities have been properly defended
    • Assist teams in incorporating security best practices into their sprint activities
    • Educate stakeholders in the engineering team to be able to perform the above activities
  • Follow up and provide consultation with engineering teams following an embedded engagement
  • Design and develop enterprise-level engineering tools and systems to solve common security engineering problems that development teams are facing

Education and Experience

Required:

  • Bachelors or Masters in Computer Science, Computer Engineering, or a related field
  • 5+ years of cumulative experience in software development and/or test automation
  • Hands-on experience with object-oriented programming in Java (preferred), C#, or Ruby
  • Solid understanding of common security threats facing the software industry (OWASP Top-10)
  • Basic penetration testing experience using common tools (ex: Burp, Zap)
  • Firm grasp of common software development lifecycles (ex: Agile Scrum, TDD)
  • Ability to communicate effectively with security novices

Preferred:

  • Experience developing in and securing Amazon Web Services applications
  • Experience in developing threat models using a diagrammatic approach
  • Knowledge of common risk classification systems (ex: STRIDE) and risk ranking models (ex: CVSS, DREAD)
  • Demonstrated understanding and experience with object oriented design.
  • Demonstrated understanding and application of algorithms to test solutions.
  • Firm grasp of SQL and relational database design.

Working Conditions

  • Work is normally performed in an office environment. Occasional travel and extended hours may be required.

Posted By

Sujeet Salver

Dice Id : 10299456
Position Id : 2019-326
Have a Job? Post it