Please note that this is a permanent Product Security position and not a Corporate IT Security position. Also, it relates to Application Security, as opposed to Network Security or System Security.
Location: Burlington, MA USA
My client is looking for a Software Product Security Specialist to help define and evangelize security best practices for all delivery models. As a member of the Application Security and Compliance team, you will guide our software development organization through the product secure development life cycle process. You will provide guidance and expertise on security of products as well as advice to developers on application security best practices. You will prescribe actions, co-establish remediation plans and track progress. You will be aware of industry trends, advances in technology and current threats as they pertain to application security.
You will work with smart and passionate people to deliver results that have a direct impact on the company’s bottom line.
You will take on important and exciting responsibility from day one, working with key stakeholders across the company.
You will be challenged to excel and lead alongside the brightest talent in the industry and be rewarded for your achievements.
Drive consistency and adoption of application security best practices through creation, implementation and execution of policies and procedures
Establish best practices for the efficient management and safeguarding of resources and assure internal controls meet company standards
Performs risk assessment of products to prioritize products requiring security scrutiny.
Conducts security architecture reviews on existing products and offers plans for remediation.
Works with development and testing teams to ensure the use of secure coding practices
Performs code review from a security perspective.
Performs threat modeling activities.
Bachelor of Science degree in Computer Science (or equivalent experience).
3+ years of experience as a product security professional for a software engineering organization and/or ISV.
Secure software development lifecycle experience and adherence to industry benchmarks (OWASP Top 10, SANS Top 25, MS SDL, etc.)
Detailed technical knowledge of two or more of the following security activities: product risk assessment, security architecture reviews, security code reviews, and threat modeling.
Experience in using application security tools for both static and dynamic scanning; experience with IBM AppScan is a plus
Knowledge of web and distributed application architecture, programming languages and technology.
Knowledge of Security Assurance and Certification benchmarks (ISO 27034, ISA 62443, etc.)
High energy, focus on delivering results, and ability to self-manage.
Continual drive to increase your knowledge and enhance your skills.
High level of personal integrity, ability to professionally handle confidential matters, and reflect appropriate level of judgment and maturity.
Excellent interpersonal, communication and presentation skills.
Demonstrated ability to convey complex information in a clear and concise manner.
Preferred Qualifications that would be a plus:
Certified Information Security Professional (CISSP), and Certified Information Security Manager (CISM) certifications.
Proficiency in Enterprise System Security including Authentication, Authorization, Permissions, LDAP, Active Directory, OAuth, SAML 2.0 tokens
Experience in implementing dynamic and secure web services; knowledge of WS* Web Services and REST.
Experience with Agile software methodology, Scrum, and iterative software methodologies.
If interested and, more importantly, qualified, please send an updated resume with contact info to firstname.lastname@example.org and you will be contacted immediately.
Unfortunately, visa sponsorship or transfer is NOT available for this role.