JOB TITLE : Senior Security Engineer
Drives implementation of product security architecture framework that will facilitate the implementation of and adherence to Secure Development Lifecycle (SDL).
Drives implementation of software development and operating policies used by developers. Identifies information security architecture gaps.
Recommends changes, enhancements, or other mitigating controls using a risk-based approach.
Essential Functions :
Govern implementation of secure development lifecycle for teams with matrix management model in agile environment to assure adherence to architecture blueprint and security standards
Ensure security scanning automation works as designed and apply fixes when necessary.
Review threat models with engineering teams.
Triage code analysis reports and enforce secure coding standards
Perform proof of concept with new technologies.
Model and simulate attack scenarios with published vulnerabilities.
Take active interest in promoting security awareness and mentor members of the development teams on company security standards, including secure coding guidelines
Demonstrated aptitude for learning new technologies
In-depth knowledge of common application vulnerabilities and techniques to identify and fix them
Solid understanding of Secure Development practices
5-8 years of experience in web development working on large scale, high volume systems.
Working knowledge of container-based technologies and micro-services.
Understanding of symmetric and asymmetric encryption and hashing functions : RSA, AES, SHA, etc.
Broad-based business and technical knowledge
Familiarity with threat modeling
Experience with security penetration testing is a plus
CISSP (or similar certification) or commitment to achieve one desired
A definite plus
Practical knowledge of NIST guidelines on authentication and cryptography
Bachelor’s degree in math, engineering or relevant experience
Travel : no more than 5%
From the Hiring Manager :
Join our team
If you had an epiphany that the majority of security issues boil down to a simple, preventable mistake in coding or configuration and the rest are not preventable, so there is no reason to worry about them.
If you think you can influence people to do technology the right way.
If you are passionate about threat modeling.
If for you things worth doing are the things worth doing right.
If you enjoy working in fintech with new technologies and most demanding customers.