Staff Security Software Engineer
at Ivanti Bucharest, Romania
Meet the Team
Our engineering team is at the core of our products with the mission of providing Secure Access. Our solutions, suites and SaaS platform uniquely integrate cloud, mobile, application and network access to enable hybrid IT.
We are continuously innovating challenging the way we, and the industry, think about Secure Access. Our engineers are working and build products to solve complex problems in the Zero Trust World.
As part of the Security Engineering Team in Bucharest you will work with multiple highly skilled development teams to improve and execute Secure Development Life Cycle to provide secure products and solutions to our clients.
Acting as a subject matter expert, you will be responsible for providing secure coding best practices to development teams while also working to enable tools and capabilities that support SDLC processes.
What a day will look like for you :
Design and develop new features using Agile development processes
Pay special attention to the Quality & Security in all stages of development
Ensure a high degree of security as well as reliability, availability, performance and scalability
Maintain existing code and troubleshoot issues in large scale complex environments
Collaborate with other teams in the organization
Drive innovations by staying on top of the emerging technologies and trends
Play a key role in evolving the product architecture
Provide technical leadership and mentorship to other team members
Key technical qualifications
Thorough understanding of the threat and attack landscape, latest security trends, attack vectors, vulnerabilities, and how they are leveraged by malicious actors
Strong understanding of certificates and encryption
Ability to triage, reproduce, recommend remediations and implement fixes for security vulnerabilities
Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc)
Extensive experience in web application security, SSDLC, Threat Modeling
MUST have experience analyzing reports from following tools Coverity, Blackduck, and DAST / SASTand fixing those issues.
MUST have experience working with analyzing issues filed by PSIRT teams and fixing those issues
MUST have good understanding of the Operating System concepts, mainly Linux
Experience implementing, running and maintaining tools and / or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
Good Understanding of Networking Protocols (DHCP, TCP / IP, AAA, RADIUS, LDAP, SNMP, 802.1X, IPSec) and experience working in Networking Security products preferably in SSL-VPN / NAC products.
If not SSL-VPN / NAC, then at least they should have worked in IPSec based products.
Experience working in an AGILE environment and working with a geographically distributed team
Expertise in cloud architecture and security fundamentals including containers, software-defined networks, high availability design, multicloud, and serverless compute is a PLUS
Familiarity with technical security controls, guidelines and frameworks outlined by standards such as industry standard cybersecurity frameworks, such as NIST CSF, ISO 27001, CIS Benchmarks, HITRUST is a PLUS
Who you are
An experienced expert in Security Engineering with a vast experience in this domain
An autonomous individual able to work in a self-directed environment that is highly collaborative and cross functional
Deeply curious in understanding and researching vulnerabilities and exploitation techniques
Self-driven, motivated and passionate about your work
A self-learner, who takes initiative to work with others to find solutions to problems / assignments that they work on
Good at problem-solving
An excellent Team Player, able to work with others to arrive at solutions
What’s in it for you
A collaborative environment driven by excellence, respect and support
Market competitive salary
25 days of holiday
Private healthcare, flexible budget and others