Description: Senior Security Software Engineer
Under limited supervision, the Senior Security Software Engineer assists engineering teams to identify and satisfy security requirements in their software throughout the software development lifecycle. They are responsible for equipping teams with the skills and tools required to perform threat modeling and identify/defend against common OWASP Top-10 vulnerabilities. This is accomplished via embedding engineering engagements wherein the security engineer participates in team SDLC activities and pairs up with developers and testers over multiple sprints.
As a member of an Agile SCRUM team:
Identify and prioritize security requirements deficiencies via threat modeling
Design practical strategies to fully satisfy or partially compensate the associated risks of the identified threats
Develop a test plan to verify that security requirements have been satisfied, incorporating functional testing and commercial penetration testing tools
Automate security tests in Java using tools such as Selenium, REST Assured
Assist teams in incorporating security best practices into their sprint activities
Educate stakeholders in the engineering team to be able to perform the above activities
Design and develop engineering tools to solve common security engineering problems that development teams are facing
Education and Experience
Bachelors or Masters in Computer Science, Computer Engineering, or a related field
5+ years of cumulative experience in software development and/or test automation
Hands-on experience with object-oriented programming in Java (preferred), C#, or Ruby
Practical knowledge of modern software design patterns
Solid understanding of common security threats facing the software industry (OWASP Top-10)
Basic penetration testing experience using common tools (ex: Burp, Zap)
Firm grasp of common software development lifecycles (ex: Agile Scrum, TDD)
Demonstrated understanding and experience with object oriented design.
Demonstrated understanding and application of algorithms to test solutions.
Ability to communicate effectively with security novices
Firm grasp of SQL and relational database design
Experience developing in and securing Amazon Web Services applications
The Consortium, Inc.