Position: Senior Security Engineer
Location: Rockville, MD
Duration: Long Term
Description: Senior Security Engineer
Under limited supervision, the Senior Security Engineer assists engineering teams to identify and satisfy security requirements in their software throughout the software development lifecycle. They are responsible for equipping teams with the skills and tools required to perform threat modeling and identify/defend against common OWASP Top-10 vulnerabilities. This is accomplished via embedding engineering engagements wherein the security engineer participates in team SDLC activities and pairs up with developers and testers over multiple sprints.
- Embed into a sprint team as a Security SME and pair up with the developers/testers to:
- Identify and prioritize security requirements deficiencies via threat modeling
- Design practical strategies to fully satisfy or partially compensate the associated risks of the identified threats
- Effectively test that security requirements have been satisfied and security vulnerabilities have been properly defended
- Assist teams in incorporating security best practices into their sprint activities
- Educate stakeholders in the engineering team to be able to perform the above activities
- Follow up and provide consultation with engineering teams following an embedded engagement
- Design and develop enterprise-level engineering tools and systems to solve common security engineering problems that development teams are facing
Education and Experience
- Bachelors or Masters in Computer Science, Computer Engineering, or a related field
- 5+ years of cumulative experience in software development and/or test automation
- Hands-on experience with object-oriented programming in Java (preferred), C#, or Ruby
- Solid understanding of common security threats facing the software industry (OWASP Top-10)
- Basic penetration testing experience using common tools (ex: Burp, Zap)
- Firm grasp of common software development lifecycles (ex: Agile Scrum, TDD)
- Ability to communicate effectively with security novices
- Experience developing in and securing Amazon Web Services applications
- Experience in developing threat models using a diagrammatic approach
- Knowledge of common risk classification systems (ex: STRIDE) and risk ranking models (ex: CVSS, DREAD)
- Demonstrated understanding and experience with object oriented design.
- Demonstrated understanding and application of algorithms to test solutions.
- Firm grasp of SQL and relational database design.
- Work is normally performed in an office environment. Occasional travel and extended hours may be required.