Turnberry Solutions: Software Security Engineer at Turnberry Solutions (Philadelphia, PA)

Posted: Feb 13, 2019

Software Security Engineer in Philadelphia, PA 19103

Interview Logistics:

Phone Interview

F2F Interview

Required Skills Set:

Years of Experience: 10+

Education Required: Bachelor's Degree or Equivalent Work Experience

  • Proficient in the secure software development lifecycle and DevSecOps
  • Deep understanding of OWASP and SANS top vulnerabilities
  • Good understanding of identity, authentication and authorization systems
  • Good understanding of cryptographic trust-based systems
  • Cloud security knowledge preferred
  • Data and database security
  • Knowledgeable in Federation, SSO, IDS, IPS, Host Based Firewall, WAF (Web Application Firewall), DNS, DHCP, HTTPS/TLS, SSH, Key Management, PKI, Tokens, SAML, OAuth, FIDO knowledge preferred
  • Knowledgeable in compliance standards like: PCI, CPNI, ISO 27001, FCC Regulations, SOX, Subscriber PII
  • Coding / Scripting experience required
  • Security expertise in one or more relevant areas
  • Proficient in using some of these tools: SAST/DAST (Coverity, Fortify, IBM AppScan, Veracode, Burp Suite, WebInspect), Wireshark, MobSF pen-testing framework, Needle, Inspeckage, Drozer, etc.; code repository (GitHub, TFS); configuration management (Ansible, Terraform, AWS CloudFormation)


  • 10+ years of experience in the security and technology-based industry
  • 5 years of experience working with various security architectures


  • Bachelor's Degree in Information Systems, Computer Science, Management Information System, Cyber Security or Engineering

Personal Characteristics:

  • Solid written and verbal communication skills
  • Technology savvy, resourceful and self-motivated
  • Natural passion and curiosity for problem solving
  • Continuous self-learner, through various mediums
  • Consistent exercise of independent judgment and discretion in matters of significance
  • Proven ability to operate collaboratively
  • Comfortable working with technical and non-technical teams, business stakeholders, technical and business leadership
  • Analytical, planning, negotiation and facilitation skills
  • Ability to multi-task and manage multiple initiatives without direct supervision

Additional Preferred Skills:

Industry Recognized Certifications in Security (a plus)

  • Certified Ethical Hacker CEH (preferred)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Licensed PEN Tester (LPT)
  • Global Information Assurance Certification (GIAC)
  • Certified Secure Software Lifecycle Professional (CSSLP)

Project Description:

This key role is part of the Infrastructure Engineering and Operations team. The ideal candidate will work internally with App/Dev/Platform teams and externally with global security teams to ensure that the organization's application and system security posture is implemented and maintained to world-class security standards. This includes helping and guiding application development and platform teams to develop applications using security best practices from the ground up, implementing secure coding practices, and helping mature security on premise and in the public cloud environment being established in AWS/Azure so that security considerations are implemented and best practices are met. This is a perfect opportunity for the successful candidate to become part of an innovative, energetic team that believes 'security must not be an afterthought, nor is an impediment to delivery velocity but can be achieved as a balancing act between managing risk and ensuring high quality delivery velocity'.

Key Functions:

  • Perform security assessment and compliance activities by using assessment tools and procedures for the organization
  • Continue to engage and build relationships with internal app dev teams and global Technology and Product Security teams
  • Facilitate implementation and execution of static, dynamic and run-time code analysis (SAST, DAST, IAST/RASP) and work with application and internal teams to ensure secure coding practices are implemented
  • Lead and respond to security-related incidents. Provide a thorough post-incident analysis including steps to minimize/remediate and fix the impact
  • Develop strategies to respond to and recover from a security breach
  • Investigate security breaches by conducting a technical and forensic investigation into how the breach happened and the extent of the damage
  • Participate in and help facilitate threat modelling workshops
  • Participate in security architecture review (SAR) / application security assessments to ensure all security design best practices and standards are met
  • Support the research of emerging technology, requisite security requirements, and emerging threats, and develop ways forward to meet organizational goals
  • 1-2 years' experience in Cloud Security with exposure to AWS / Azure Native Security
  • Familiarity and exposure to Network Security, Operating System Security, Web Security and End Point Security
  • Good understanding of and familiarity with data encryption
  • Assist in evaluation, selection and implementation of encryption solutions and key management systems

Physical Environment and Working Conditions:

Must be able to work on site in Philadelphia, PA

More Information

Source: Stack Overflow
