What You’ll Do

• Build strong relationships and effectively influence product engineering
• Translate security risks to business impact
• Architects, prioritizes, coordinates, and communicates the choice of security technologies necessary to ensure a highly secure yet usable computing environment
• Provide security architecture and advice in support of application development, infrastructure, and enterprise technology projects
• Perform code analysis, application security reviews, and develop an application security training program
• Stay current with security technologies and make recommendations for use based on business value
• Maintain expert knowledge in the field of Information Security and the related issues, systems, processes, products, and services
• Provide training and mentoring to clients and consulting resources

Requirements

• Understanding of the OWASP Top 10 application security risks and how to address them
• Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM)
• Working knowledge of Amazon AWS, Microsoft Azure, or other cloud computing platform offerings and security-related services
• Integration of security tools through API’s, webhook, or other custom integration
• Hands-on experience with encryption, hashing, secure random number generation, key derivation, key management, digital signatures, etc. in one or more major development languages
• Core understanding of web application security scanning software and related penetration testing tools such as SAST/DAST/IAST/SCA
• Deep understanding of service-oriented architecture, building internet-scale, distributed, and critical services
• Extensive knowledge of Java and the Java Ecosystem
• Proficiency in Python, JavaScript, and other scripting languages
• Experience with architecture and security reviews, threat modeling applications, and identifying areas of risk
• Experience implementing strategies to support secure and compliant architectures
• Knowledge of network architectures, topologies, and concepts (Firewalls, LB, WAF, CDN, VPC, ACL, TLS, SSH, and DNS)
• Excellent written and verbal communication
• Ability to scale by evangelizing your work to leadership and engineers including writing requirements and solid technical guides
• Familiar with compliance regulations like; PCI, GDPR, SOC2, SOX
• An affinity and experience with an automation and development-based approach to security
• Ability to collaborate with multi-functional teams located in different time zones to drive fixes and alignment to established policies
• BS in Computer Science or Equivalent with 10+ years of experience

Nice to Have

• MS in Cyber Security, Information Security, MIS, or equivalent
• Knowledge of the MITRE ATT&CK Framework
• Industry security certifications such as CISSP, CEH, or others
• Experience in conducting social engineering-focused assessments
• Experience in CTF competitions, CVE research, and/or Bug Bounty recognition
• Experience in Web and Mobile (Android/iOS) based application/service assessment
• Experience in Wireless and Network assessment in enterprise infrastructure
• Experience in reverse engineering and associated tooling such as IDA
• Knowledge of fuzzing, memory corruption, and exploit development
• Knowledge about hardware hacking