
Job Openings

First Tier Technology : Financial Services

Consultant, Software Security

Post Date : 02 Sep, 2016   |   Expiry Date : 31 Dec, 2017
 
Location : Jersey City, NJ        
Skills : software security architecture, TCP/IP, HTTP, SSL/TLS, PKI, OWASP, WASC, software development experience, Java        

Role: The Security Risk Management (SRM) Group, under the leadership of the Chief Information Security Officer (CISO), is tasked with protecting information assets in support of business objectives and in conformity with policies. The Software Security Assurance Team is a core function of SRM and is primarily responsible for establishing and guiding the Secure Software Development Program within the company. These activities include creation and rollout of software security policies and best practices, software security architecture, software security scanning, penetration testing and the education of software developers and testers in security best practices. The Software Security Engineer reports to the Director Software Security to ensure the control and protection of software, improve the software development process, and minimize defects and vulnerabilities in software production.

Responsibilities:
• Assess current practices and identify and implement relevant policies to ensure state-of-the-art development practices as they relate to security
• Influence the selection of Software Security Assurance (SSA) program elements, including supporting tools
• Integrate software security scanning and testing into the company's software development, build and testing programs
• Conduct software security testing, including penetration testing, to confirm the results of design and code analysis, investigate software behavior, and verify that the software complies with security requirements
• Identify and categorize information to be contained in or used by software, which helps determine risk and/or control solutions, including application security frameworks

Requirements:
• Bachelor’s degree in a related field and/or a minimum of 7 years of equivalent experience
• Experience performing software security architecture, design and requirements analysis for large-scale enterprise systems
• Solid understanding of a variety of software security practices, secure code reviews, vulnerability scanning methods, threat modeling, security requirements analysis and architectural risk analysis
• Expert knowledge of application vulnerability types, attack vectors and remediation approaches
• Expert understanding of the IP protocols and associated security mechanisms: TCP/IP, HTTP, SSL/TLS, PKI
• Familiarity with well-known application security sources and standards such as OWASP, WASC, NIST and CVE
• Extensive applied knowledge of static and dynamic analysis tools and hacking tools
• 5+ years of enterprise software development experience. Java programming skills, including knowledge of JSSE and other security features, are preferred. Experience with .NET/ASP/C# is also a plus.
• Background in mobile application development (Objective C, HTML5) and mobile security is a plus
• Development experience with strong Java programming skills, including knowledge of JSSE and other security features
• Working knowledge of the Java development environment, including tools and frameworks used by developers, DevOps and testers (e.g. Eclipse, Spring, Jenkins, Maven, Jira, Selenium)
• Experience leading enterprise deployment of application security tools, services and controls
• Military education or experience may be considered in lieu of the requirements above
