Our Client is looking to hire an experienced mid to senior-level Product Security Engineer to ensure that our embedded software, networking, and applications are designed and implemented to be secure. If you enjoy testing hardware, software and services from a security perspective, and you are experienced at discovering subtle security issues that appear under new threat scenarios, this position will provide you with a challenging opportunity.
? Evangelize secure development practices to our client's product development teams
? Perform security design sessions on new and updating products
? Perform risk and threat analysis of products
? Conduct device and application-level vulnerability and penetration testing
? Work with product teams conducting security code-reviews on many of Client's solutions
? Work closely with our software, system, and network engineers to enhance our security posture
Duties & Responsibilities
? Identify potential threats and work with engineers to make recommendations and implement cost effective security controls to meet market security requirements and address security deficiencies and issues.
? Monitor, evaluate, and maintain systems and procedures to ensure our products remain secure.
? Research, recommend, and implement changes to systems and procedures to enhance product security.
? Develop and conduct periodic product security tests and audits.
? Perform analysis on newly proposed product features and provide working solutions to resolve and security related issues.
? Communicate security requirements and procedures to all stakeholders.
? Coordinate with and support Development and other stakeholders as appropriate.
? Communicate to the market, trade groups, partners and customers Client's security landscape and roadmaps as appropriate.
? Recommend and drive secure development and test practices into our product development organizations.
Experience: This position requires a minimum of 8 years totals years of experience in security architecture with the following:
? Minimum of 5 years of software development experience using C, C++, and/or .Net programming languages.
? Minimum of 3 years of experience with either Python or PERL
? Minimum of 3 years of experience as a systems security engineer or architect.
? Minimum of 2 years of embedded and/or device driver implementation.
Education: Bachelor's degree or equivalent experience Computer Science/MIS/Engineering preferred.
Certification(s): CISSP or GIAC certifications preferred
Preferred Skill Sets and Experience:
? Versed in all aspects of UNIX, Windows, and network security.
? Experience with or knowledge of the configuration, operation, and management of firewalls, VPN, SSH, PKI, Wireless, and vulnerability assessment tools.
? Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, and applied cryptography
? Strong experience in web-application security
? Experience with service-oriented architecture and web services security
? Experience with the application of threat modeling or other risk identification techniques
? Detailed knowledge of application-level security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
? Solid understanding of technology best practices (operating systems, network and computer operations, production support, and information security).
Working knowledge on creation and implementation of client and server side SSL certificates..
? Experience working in complex and integrated solutions, preferably including sensors or mobile field devices along with back-office data processing systems.
? Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
? Understanding of Federal Information Process Standards related to security and FIPS certification is desired.
? Understanding of NERC CIP standards is desired.
? Excellent written and verbal communication skills
? Excellent leadership skills and teamwork skills
? Results oriented, high energy, self-motivated
Keyword: CISSP GIAC