Application and Product Security Engineer
Seeking an Application and Product Security Engineer
Location: Washington D.C.
Salary: $140,000 – $160,000
- Seeking an Application and Product Security Engineer with a focus on software development and operational technology (OT) solutions.
- In this role you will partner across organizations to drive improved Software/Systems Development Lifecycle capabilities.
- You will also engage with mine operations experts to design, build, and measure success of security controls in OT environments.
- The successful candidate will be a subject matter expert with hands-on experience in a wide range of cloud technologies, software development, application security and security architectures, security tools, and methodologies.
- As an AppSec Engineer, you will apply your experience and expertise to challenging technical problems. You will work in a security team, but also as a partner with product teams and consultatively provide your security experience.
- This is a hands-on technical role that will provide the right candidate an exciting opportunity to leverage and grow technical, process and leadership skills in an exciting area of the company.
- Develop approaches to address the implementation of software and OT security solutions
- Consult with development teams on security requirements, use common components to meet them, and document a secure software development lifecycle.
- Be able to scope and participate in hardware and software penetration tests, vulnerability identification, and vulnerability risk assessment
- Create and track meaningful metrics around product cyber risk and compensating controls
- Create vulnerability and incident trend analysis to improve product design
- Perform end-to-end application security reviews to ensure data, system components, and communication channels are appropriately protected.
- Maintain cyber service catalog and conduct proactive vulnerability monitoring and assessment on cyber components
- Engage and administer End-of-Life processes for digital products
- Engage in application and domain-specific threat modeling and attack surface analysis/reduction
- Architect, design, implement, support, and evaluate security focused tools
- Bachelor’s Degree in Computer Science or in “STEM” Majors (Science, Technology, Engineering and Math)
- 8+ years’ experience in Information Technology
- 6+ years’ experience in Cyber Security engineering and support
- 4+ years’ experience in Software Security or OT/Product Security
- Must be willing to travel domestically and internationally
- Must be willing to work out of an office located in Northern Virginia, DC Area
- Experience with secure coding principles; code signing and secure boot
- Experience with penetration testing and ethical hacking
- Practical implementation and architectural experience in encryption techniques, including data at rest and in transit
- Proficiency in creating dataflow diagrams, network diagrams, and other application related design documents
- Proven experience in security code review and code analysis
- Must be fully proficient in, and able to instruct others, on the OWASP Top 10
- Knowledge of identity management and identity federation (SAML, OAuth, SCIM, XACML)
- Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
- Experience in securing cloud infrastructure such as AWS, Azure and the like (i.e., inspection, logging, WAF, VM)
- Experience in deployment of cloud controls for infrastructure, platform, and applications (IaaS/SaaS/PaaS), specifically within AWS, Azure and GCP
- Minimum of 5 years of experience with detection technologies (e.g. Snort, Suricata, Bro, netsniff)
- Minimum of 4 years of experience with scripting languages (e.g. Ruby, Python, Perl, and PowerShell)
- Minimum of 2 years of experience with cloud technologies (e.g. AWS, Azure, OpenStack)
- Minimum of 1 year of experience with secure development life-cycles
- Minimum of 1 year of experience with identity management and authentication (Oracle OIM, AD)
- 5-7 years of experience administering Unix-like operating systems (e.g. Linux, OSX)
- 5-7 years’ experience administering orchestration tools such as Puppet, SaltStack, Chef, or Ansible
- Nice to have familiarity with industrial control systems Cyber Security norms and standards (IEC62443, NERC-CIP, ANSSI, ISO 27k…)
- Prior experience working within an Agile framework (Scrum/Kanban)
- One or more Security Certifications or equivalent (CISSP, etc.)
- One or more Platform Certifications or equivalent (RHCE, LFCE, etc.)
- Familiarity with data analytics and machine learning principles and techniques
- Knowledge of SIEM API integration techniques
- A comprehensive compensation package including bonuses, benefits, and stock purchase plans where applicable
- Access to a variety of career opportunities across locations
Due to the high volume of applications we typically receive, we regret that we are not able to personally respond to all applications. However, if you are invited to take the next step in the process, you will typically be contacted within 2 weeks of submitting your application.