Lead Security Software Engineer Under limited supervision, the Senior Security Software Engineer assists engineering teams to identify and satisfy security requirements in their software throughout the software development lifecycle. They are responsible for equipping teams with the skills and tools required to perform threat modeling and identify/defend against common OWASP Top-10 vulnerabilities. This is accomplished via embedding engineering engagements wherein the security engineer participates in team SDLC activities and pairs up with developers and testers over multiple sprints. Responsibilities As a member of an Agile SCRUM team: Identify and prioritize security requirements deficiencies via threat modeling Design practical strategies to fully satisfy or partially compensate the associated risks of the identified threats Develop a test plan to verify that security requirements have been satisfied, incorporating functional testing and commercial penetration testing tools Automate security tests in Java using tools such as Selenium, REST Assured Assist teams in incorporating security best practices into their sprint activities Educate stakeholders in the engineering team to be able to perform the above activities Design and develop engineering tools to solve common security engineering problems that development teams are facing Education and Experience Required: Bachelors or Masters in Computer Science, Computer Engineering, or a related field 5+ years of cumulative experience in software development and/or test automation Hands-on experience with object-oriented programming in Java (preferred), C#, or Ruby Practical knowledge of modern software design patterns Solid understanding of common security threats facing the software industry (OWASP Top-10) Basic penetration testing experience using common tools (ex: Burp, Zap) Firm grasp of common software development lifecycles (ex: Agile Scrum, TDD) Demonstrated understanding and experience with object oriented design. Demonstrated understanding and application of algorithms to test solutions. Ability to communicate effectively with security novices Firm grasp of SQL and relational database design Preferred: Experience developing in and securing Amazon Web Services applications Experience in developing threat models using a diagrammatic approach Knowledge of common risk classification systems (ex: STRIDE) and risk ranking models (ex: CVSS, DREAD) Working Conditions Work is normally performed in an office environment. Occasional travel and extended hours may be required.