@nithyapari I'm recruiting for a Sr. InfoSec Engineer in Roseville, CA
As a Sr. Information Security Engineer you will provide leadership and support for developing an enterprise-grade secure software program. You will ensure that secure software and application security requirements and standards are developed and aligned with business and product strategy. This also includes security policies, objectives, technology development, and operational processes.
• Serve as an application security engineering subject matter expert.
a. Bench strength in Java (Spring portlets) and .NET (WebForms)
b. Depth of understanding of RSI products
c. Evangelize incorporating the security development lifecycle into products, working with QA and developers
d. Ability to train on the Secure Development Lifecycle (SDLC) and deploy it to Dev and QA
e. Ability to train on static application security testing (SAST) and deploy SAST to Dev and QA
f. Triage findings to eliminate false positives; manually verify every reported vulnerability; ensure a clean, actionable report.
• Deliver guidance and awareness of secure software requirements
• Define secure software architecture, design and coding methodologies and standards, and static and dynamic application security testing (SAST/DAST) practices.
• Provide guidance on secure software deployment and maintenance practices across cross-functional technology teams.
• Establish project standards through the development and delivery of formal and informal security training.
• Develop, build, operate and manage static and dynamic security testing platforms and tools (e.g., IBM AppScan) whose purpose is to identify security weaknesses and coding flaws in software applications.
• Perform software architecture security analysis, secure code reviews, and application reverse engineering.
• Work with product and business owners, software development, and IT operations staff to create mitigation and/or remediation plans.
• Develop secure software development, testing, and deployment processes, procedures, and performance metrics.
• Deliver regular and ad hoc reports and briefings to management and the team as needed.
• Research and gather intelligence on the latest software applications, attack and exploitation vectors, and techniques.
• Develop and maintain documentation related to secure software development processes, procedures, and reports.
• Coach and mentor Information Security Engineers.
• Review application code and application interoperability.
• Educate development teams about secure coding practices.
• Raise awareness on social engineering threats.
• Manage security bugs from identification to fix and to deployment.
• As the Red Team lead, you will plan and conduct penetration testing, including web application penetration testing, of RSI’s applications.
• Lead and work on new features that keep our users and their data safe.
• Research the implicit risks we assume based on the line of our customer’s businesses.
• Lead discussions with a small team of security-minded thinkers.
• Bachelor’s degree in Computer Science or a related engineering field.
• 6+ years of combined hands-on experience in secure software development, application security engineering, research and/or consulting.
• Active Certified Information Systems Security Professional (CISSP) or equivalent industry certifications.
• Overall understanding of software and application security issues and risks.
• Demonstrate the ability to perform software architecture security analysis, secure code reviews, web application penetration testing, and application reverse engineering.
• Strong understanding of software development methodologies, especially Waterfall.
• Experience with multiple compiled and interpreted languages and web programming frameworks (open-source, Oracle and IBM Java runtimes, Microsoft .NET Runtime, Microsoft SharePoint, GlassFish Application Server, JBoss WildFly Application Server, IBM WebSphere Application Server and IBM WebSphere Portal Server, and Moodle).
• Deep expertise with static and dynamic application security testing,
o including IBM AppScan, WhiteHat Sentinel and VeraCode.
• Penetration testing.
• Vulnerability assessment tools,
o such as Rapid7’s Nexpose and Tenable’s Nessus.
• Understanding of TCP/IP networking.
• Comfort working with Linux- and Microsoft Windows-based operating system platforms and relational database management systems such as Oracle, MS SQL, and MySQL.