Title: Sr. Security Engineer
Location: Research Triangle Park, NC
- Define, commit, and track secure development lifecycle activities across the entire product development organization.
- Continually working to improve application security through new and adjusted methodology and tooling.
- Provide a leadership role to the core program team of professionals from Engineering Management, Marketing, Operations, Finance and Global Services functions, to drive all pertinent issues related to our secure development lifecycle process.
- Coordinate with engineers, serve as a project lead, and/or recognized as an expert in secure design, development, and delivery.
- Strong proficiency in technical security assessments including threat modeling and attack surface analysis, security baseline analysis, security requirements/architectural review and final security reviews and recommendations.
- Work with the management team in planning and managing company resources to execute development projects or project components from design phase through implementation.
- Identify and communicate project scope and ensure program milestones and objectives are met.
- Keep management informed of key issues and changes which may impact expected business results.
- Analyze problems and drive solutions involving multiple elements of program planning.
- Ensure that projects adhere to the company processes and initiate process improvements as needed.
- Familiar with product incident response practices.
- Provide recommendations on remediation approaches that strike the right balance across business deliverables.
- Develop security satellites as leaders within individual product teams.
- Lead training efforts including development of content for broad consumption both live and on-demand.
- Possess and demonstrate excellent written and verbal communication skills.
- Ability to work collaboratively within a team of other engineers and have strong influencing and leadership skills.
- Knowledge of multiple programming languages highly desirable.
- Ability to clearly articulate all touchpoints of a secure development lifecycle.
- Strong understanding of static analysis, dynamic analysis, fuzzing, OWASP top 10, SANS/CWE top 25 and vulnerability scanning.
- Storage background and understanding of network topologies highly desirable.
- Strong understanding of the network stack including ports and protocols.
- Proven experience in leading teams in software security test planning, automation, documentation and process improvement.
- Strong understanding of third-party and open source software integration and usage methodology.
- Understanding of security maturity models such as BSIMM or OpenSAMM preferred.
- Strong collaboration skills over application sharing platforms and video conferencing.
Ability to travel 20% of the time.