Lead Cyber Security Test Engineer

Location: Austin, TX, United States
Date Posted: 01-02-2019
We are currently seeking a Security Test Engineer to join our Security & Resiliency team, based in Hopkinton, MA or Austin, TX.
Key Responsibilities

Overview:
The Product Security Test Engineer will join the Product Security Office as a member of our Security Development Lifecycle (SDL) team.  The SDL is a strategic program for consistently building demonstrably resilient software across a diverse product and technology portfolio – ranging from firmware to high-level applications.
 
This role will be working with several complex products and will lead, mentor and influence them into implementing security development controls such as threat modeling, static analysis, complete mediation, and custom security verification into their product lifecycles. 
 
Principal Duties and Responsibilities:
  • Proactively advises product teams on secure design and coding considerations
  • Creates and updates threat models for new and existing products, assess severity using CVSS and provides mitigation and verification recommendation to engineers  
  • Generates efficient test plan from a threat model; test plans should include static and dynamic analysis recommendations as well as specific test cases for custom verification
  • Leads secure design, coding and/or testing workshops to teach other engineers how to efficiently apply security development practices
  • Contributes to the ISO 27034 Application Security Control catalog
  • Acts as a Security Development Lifecycle (SDL) evangelist and a subject matter expert on SDL
 
Preferred:
Master's degree in Information Security or similar technical field strongly preferred Knowledge of Containers (Docker/Kubernetes), microservices and Container Orchestration technologies is a strong plus Competency in secure coding in multiple languages, including at least one scripted and one compiled language Industry certifications: GIAC, CISA and/or CISSP, CSSLP
 
Qualifications:
Required:
Bachelor’s degree in Computer Science, Computer Engineering or related field with 8+ years relevant experience; or Master’s degree with 6+ years relevant experience; or equivalent experience Understanding of prevalent security vulnerabilities such as authentication bypass, command injection and cross-site request forgery, their impact, and their efficient remediation Understanding and hands-on experience of efficient security development practices including threat modeling, applying security design principles, secure coding, static and dynamic analysis, and custom security verification (the candidate should be a demonstrated expert in at least one of these activities and should have functional mastery of the others) Proven experience in at least one of the following is highly desired:
  • building security in Cloud-based solutions
  • DevSecOps
  • continuous verification
  • fIrmware expertise
Strong communication skills are a must; must be able to communicate and influence engineers and managers Ability to work with diverse and global teams
For more information, please apply below or contact us
 
this job portal is powered by CATS