HP Fortify Developer - Seattle
Seattle, WA
Job Description:
Summary of This Role
Scrum with co-located application and infrastructure teams in Bitbucket to review code and work through security challenges. Pair program with developers to remedy key issues.
Document and continuously refine security best practices and standards. Develop deep understanding of our business and technology and recommend changes in process.
Partner with members of the Security org to work with leadership to provide status and reporting on the state of security across the entire application, infrastructure and corporate technical stack.
Perform and analyze Static Code Scans using Fortify to identify exposure to common security vulnerabilities. Aid development teams in the identification of false positives found in static code analysis.
Threat model existing and future applications. Create frameworks that allow our teams to find flaws before they are introduced into production environments.
Provide monthly, quarterly and ad-hoc reporting for trending, risk assessment, compliance, and active exception reporting of projects.
Maintain and implement enterprise security policies, standards, procedures and guidelines.
You are an ideal candidate if you:
Want to help your fellow engineer deliver product and have a natural inclination to collaborate with development and infrastructure teams.
Have a startup personality and enjoy working as part of a team. You can think outside the box and come up with creative ways to solve a problem.
Have 2+ years of experience as a security engineer in a production environment.
Have working knowledge of software build pipelines and tools like GitHub, Jenkins, Artifactory, etc.
Are comfortable in at least two languages, such as Ruby, Bash, Java, Python, Perl, or Go.
Have working knowledge of TCP/IP, ICMP, SSH, LDAP, DNS, and other low-level Linux CLI commands and utilities.
Have experience with HP Fortify, HP WebInspect, and/or HP Software Security Center (SSC), analyzing scan results from Fortify SCA and communicating/remediating findings to/with technical teams.
Have strong knowledge of application security weaknesses and vulnerabilities, remediation and mitigation techniques, and secure coding practices.
Qualifications:
Bachelor's Degree in Computer Science or similar field
Minimum of 5+ years of experience with application development and SDLC
Minimum of 3+ years of experience with application and information security
CISSP certification in good standing
Comprehensive understanding of common Application Security Vulnerabilities (OWASP Top 10 / SANS Top 25 CWEs)