Sr. Security Software Engineer

PeopleNTech LLC
Rockville, MD
Jan 20, 2022
Jan 22, 2022
Full Time
Job Description

Location: Rockville, MD (Remote till COVID ends)
Role: Security Software Engineer

Resource needs to:
* write code in a screen-sharing session to solve a simple problem (similar to "compute N'th Fibonacci number", or "count unique occurrences of numbers in a list", etc.)
* design a simple API using Object-Oriented principles (similar to "design objects to store different types of vehicles in a used car lot, capturing these types of properties")
* discuss the Agile/Scrum SDLC and where security fits into each phase

Job Description below.

Description

Under minimal supervision, the senior security software engineer assists engineering teams to identify and satisfy security requirements in their software throughout the software development life cycle (SDLC). They are responsible for equipping teams with the skills and tools required to perform threat modeling and for identifying and defending against common OWASP top-10 vulnerabilities. This is accomplished via embedded engineering engagements wherein the senior security software engineer participates in team SDLC activities and pairs up with developers and testers over multiple sprints to achieve a secure SDLC.

Responsibilities
* identify and prioritize security requirement deficiencies via threat modeling
* independently develop a test plan to verify that security requirements have been satisfied, incorporating functional testing and commercial penetration testing tools
* design practical strategies to fully satisfy or partially compensate for the associated risk of identified threats
* independently automate security tests in Java using tools such as Selenium and REST Assured
* assist teams in incorporating security best practices into their sprint activities
* educate stakeholders on the engineering team to be able to perform threat modeling and security testing
* design and develop engineering tools to solve common security engineering problems that development teams are facing
* participate in reviews of system architecture, code, and design documents
* participate in product code reviews and test automation reviews

Education & Experience

Bachelor's degree in Computer Science/Engineering/other STEM degree and 5 years of software development and/or test automation or the equivalent combination of training and experience, or Master's with 3 years.

Knowledge, Skills, Abilities
* solid understanding of common security threats facing the industry (OWASP top-10) and how to defend against them
* basic penetration testing experience using common tools (e.g., Burp, ZAP)
* demonstrated understanding of computer science fundamentals: algorithm design, problem-solving, complexity analysis, and data structures
* proven experience with modern programming languages and common development technologies, with software architecture and design skills
* demonstrated understanding of modern SDLC (Agile, Scrum, Kanban)
* demonstrable experience in architecting, designing and developing software or test suites
* demonstrable experience with cloud-related technologies
* demonstrable experience with UNIX/Linux environments
* must be self-directed, detail-oriented and have excellent written & oral communication skills
* ability to work in a fast-paced environment

Preferred
* experience developing in and securing Amazon Web Services applications
* experience in developing threat models using a diagrammatic approach
* knowledge of common risk classification systems (e.g., STRIDE) and risk ranking models (e.g., CVSS, DREAD)
* experience with SAST tools like Checkmarx
* experience with IAST tools like Contrast
* experience with SCA tools like Black Duck
