Principal Software Architect I
Axway
Bucharest, RO
3 zile în urmă

Overview

In 2020, we are pursuing our ambitions to continue to enable organizations' digital transformation. We are looking for our new Principal Security Engineer to join Axway's family.

Are you ready? Join us now!!!

Together we can. Together we will. Axway is an enterprise integration company that's been around for over 20 years to digitally transform enterprises of all sizes - more than 11,000 in 100 countries at last count.

Axway revitalizes heritage IT infrastructures to enable brilliant digital customer experiences, unlock new business innovation and capabilities, and put companies on a secure, future-proof path for growth.

You'll exchange ideas with a culturally rich global community of over 1,800 members who connect remotely or show up onsite in virtually every time zone on the planet.

And you'll have the support and camaraderie of your Axway leadership and colleagues to serve as a reminder that you're not alone on your journey, and that every day, you've taken one more step forward.

With Axway, you'll go far because we're better together. Learn more : www.axway.com.

Responsibilities

The Principal Security Engineer is a member of Axway's world-class security team, the Product Security Group (PSG). PSG are a global team Axway R&D, focused on supporting the delivery of secure products and services in cloud-native and on-premise applications that serve the most security-conscious industries worldwide.

Axway utilizes a structured approach for reviewing and validating the security of Axway products and cloud services with a mix of the following tools and processes : vulnerability monitoring, vulnerability management, static source code analysis, threat modeling, manual penetration testing, automated penetration testing, automated vulnerability scanning, third party penetration testing, developer training in secure coding practices, and development / management of Axway security frameworks.

The Security Engineer provides support to Axway R&D Organization in the application of the Secure Development Lifecyle (SDLC) for Axway products and cloud services.

This position has primary responsibility for driving and continuously improving the SDLC, designing and supporting security controls, optimizing security testing suites, providing training in secure coding, and evangelizing security best practices within Axway.

This position also has a role in performing vulnerability assessments, security penetration testing (Red Team), and guidance on the remediation and mitigation of security findings.

Responsibilities :

  • Lead the product teams through the Axway SDLC
  • Guide secure coding practices and processes
  • Guide secure architecture and secure product designs (Threat Modeling)
  • Incorporate cloud security architecture (AWS) secure design and best practices
  • Support teams in applying security within the CI / CD / CD process (DevSecOps)
  • Lead, perform, and guide penetration testing on Axway products
  • Support customers, development teams and PSG in technical analysis and triage of security scan results
  • Support the management, control and upgrade of selected SDLC tool suites
  • Training R&D and Operations on security concepts and best practices
  • Qualifications

    Helpful Skills to Support the Responsibilities :

  • Technical leadership skills, coupled with strong communication skills
  • Securing applications and infrastructure in cloud environments such as AWS
  • Java, JVM, JCA / JCE experience, Crypto Library JDK’s
  • C / C++ coding or analysis experience
  • Static analysis (SAST) tool experience such as Fortify, Checkmarx, Coverity
  • Attack surface tool experience such as InsightVM, Qualys, Nessus
  • Dynamic application security testing (DAST) experience with tools such as AppSpider, Zap
  • Opensource composition analysis using tools such as Dependency Check, Whitesource, Snyk
  • TLS, SSL, PKI, and certificate management experience
  • Layer 3 thru 7 network security experience
  • Vulnerability management procedures
  • Penetration Testing
  • Authentication and Authorization mechanics and protocols
  • Understanding and experience in IH / IR
  • Secure system configuration and deployment of infrastructure
  • Experience with Infrastructure as Code such as Terraform, Ansible
  • Experience with security best practices orchestration platforms such as Docker, Kubernetes, EKS
  • Ability to learn new products and technical concepts quickly
  • Successfully manage time and technical responsibilities, set accurate expectations and meet deliverable deadlines while working in a team environment
  • Comfortable working on both Linux-based and MS Windows-based system platforms with a strong technical understanding and aptitude for analytical problem-solving.
  • Strong understanding of application level security issues.
  • Understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP / IP networks
  • Understanding of the system hardening processes, tools, guidelines and benchmarks.
  • Strong understanding of encryption technologies, Java / Linux and Microsoft implementations
  • These essential functions are representative of those that must be met by an employee to successfully perform the job. Reasonable accommodations may be made to enable individuals with disabilities to perform these essential functions.

    Position may be required to perform other duties as required. Travel requirements may be up to 15% and include international travel destinations.

    Qualifications :

  • Bachelor’s degree in Computer Science, Information Technology or related field. Master’s preferred.
  • A minimum of 7-10 years of product development experience; at least 5 of those years focused on product security.
  • Hands-on experience in many of the following areas : HTTP, XML, REST, C / C++, Java, Web Servers (Apache / IIS), Scripting languages (Javascript, Python, node.
  • js, etc.), Threat Modeling, Penetration testing, Dynamic and Static analysis, Fuzzing, Vulnerability remediation techniques, Knowledge of the CVE, The OWASP top ten, the SANS top 25.

  • Experience using Microsoft Office suite tools to create documents, presentations, and detailed drawings.
  • Superior technical writing, documentation, and communication skills are required.
  • Several years of hands-on experience with AWS Platform and AWS Security and nice-to-have AWS certifications
  • Has achieved an information security certification such as CSSLP, GWAPT, GPEN, OSCP, AWAE, CCSP or similar, or ability to obtain within 18 months of hire
  • Career Development

    Employee career development is one of Axway’s major company values; and we are deeply committed to helping them leverage the promotion and job mobility opportunities that are right for them.

    This is what our candidates can expect from us if they choose to join our team :

  • A personal development plan (technical, product & functional) in order to insure your integration and your performance
  • Competitive remuneration package and real benefits
  • Potential for growth in an international company
  • Friendly working environment with experienced professionals
  • Flexible working hours when need
  • Extra paid vacation days
  • Open games area table tennis, sports and more!
  • In addition, Axway’s global presence creates opportunities for geographical mobility both within Axway subsidiaries.

    Raportați această lucrare
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Aplică
    Email-ul meu
    Făcând clic pe "Continuă", acord nevoo consimțământ de a procesa datele mele și de a-mi trimite alerte prin e-mail, așa cum este detaliat în policyApplicația de confidențialitate a lui neuvoo. Pot să-mi retrag consimțământul sau să mă dezabonez în orice moment.
    Continuă
    Formular