Principal Security Engineer (Product Security)
GreenFoot Technologies - Spokane, WA

This job posting is no longer available on GreenFoot Technologies. Find similar jobs: Principal Security Engineer jobs - GreenFoot Technologies jobs




Our Client is looking to hire an experienced mid to senior-level Product Security Engineer to ensure that our embedded software, networking, and applications are designed and implemented to be secure. If you enjoy testing hardware, software and services from a security perspective, and you are experienced at discovering subtle security issues that appear under new threat scenarios, this position will provide you with a challenging opportunity.

Key Functions

? Evangelize secure development practices to our client's product development teams

? Perform security design sessions on new and updating products

? Perform risk and threat analysis of products

? Conduct device and application-level vulnerability and penetration testing

? Work with product teams conducting security code-reviews on many of Client's solutions

? Work closely with our software, system, and network engineers to enhance our security posture

Duties & Responsibilities

? Identify potential threats and work with engineers to make recommendations and implement cost effective security controls to meet market security requirements and address security deficiencies and issues.

? Monitor, evaluate, and maintain systems and procedures to ensure our products remain secure.

? Research, recommend, and implement changes to systems and procedures to enhance product security.

? Develop and conduct periodic product security tests and audits.

? Perform analysis on newly proposed product features and provide working solutions to resolve and security related issues.

? Communicate security requirements and procedures to all stakeholders.

? Coordinate with and support Development and other stakeholders as appropriate.

? Communicate to the market, trade groups, partners and customers Client's security landscape and roadmaps as appropriate.

? Recommend and drive secure development and test practices into our product development organizations.


Experience: This position requires a minimum of 8 years totals years of experience in security architecture with the following:

? Minimum of 5 years of software development experience using C, C++, and/or .Net programming languages.

? Minimum of 3 years of experience with either Python or PERL

? Minimum of 3 years of experience as a systems security engineer or architect.

? Minimum of 2 years of embedded and/or device driver implementation.

Education: Bachelor's degree or equivalent experience Computer Science/MIS/Engineering preferred.

Certification(s): CISSP or GIAC certifications preferred

Preferred Skill Sets and Experience:
? Versed in all aspects of UNIX, Windows, and network security.

? Experience with or knowledge of the configuration, operation, and management of firewalls, VPN, SSH, PKI, Wireless, and vulnerability assessment tools.

? Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, and applied cryptography

? Strong experience in web-application security

? Experience with service-oriented architecture and web services security

? Experience with the application of threat modeling or other risk identification techniques

? Detailed knowledge of application-level security vulnerabilities and remediation techniques, including penetration testing and the development of exploits

? Solid understanding of technology best practices (operating systems, network and computer operations, production support, and information security).

Working knowledge on creation and implementation of client and server side SSL certificates..

? Experience working in complex and integrated solutions, preferably including sensors or mobile field devices along with back-office data processing systems.

? Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)

? Understanding of Federal Information Process Standards related to security and FIPS certification is desired.

? Understanding of NERC CIP standards is desired.

? Excellent written and verbal communication skills

? Excellent leadership skills and teamwork skills

? Results oriented, high energy, self-motivated