Current Opportunitie

Senior Principal Information Security Software Engineer

Sr. Principal Information Security Software Engineer

Industry: Aerospace / Aviation / Defense

Job Category: Information Technology – Security

 

Job Description:

The Information Security Software Engineer is responsible for the Security architecture, strategy and policies governing application deployment.

  • This individual will be required to work across the corporation and various levels of engineering and management to identify and set direction.
  • In-depth Knowledge of PKI
  • Must have proven ability to present decisions to Executive Management and technical specialists for consensus building across the corporation.
  • Must demonstrate mastery of hands-on information software and security competencies to be considered for this position.
  • Some travel will be required.
  • Responsible for architecting Web Application Security controls across the corporation, including Web Applications Firewalls, databases for information systems.
  • Implements enforce, communicates and develops security policies or plans for data categorization, software applications, and databases.
  • Must possess Executive Management potential.
  • Serve as a mentor to Jr. Security Analysts/Engineers, including regular seminars on topics of interest and knowledge gained from attending industry conferences.
  • Must know OWASP top 10 and able to influence others to follow without direct line authority.

 

Tasks:

  • Utilize code scanning tools to identify risks in applications prior to deployment. Work on development teams to address risk and mitigation.
  • Develop Security architecture for Web Applications, including Web design and selection of Web Application Firewalls (WAF). Create rules, exceptions and mitigate known risks.
  • Review deployed architecture logs and reports to identify potential exploits. Work with applications teams to repair exploited code.
  • Work on Merger and Acquisition teams to identify all Internet-facing web applications and integration/migration plans for acquired assets.
  • Lead external third-party security testing/penetration testing.
  • Work with Incident Response Team (IRT) to analyze code (executables, javascript, PDF, etc.) to determine purpose and impact of computing resources.
  • Work with Product Line engineering resources to ensure all of the customers’ delivered products are secure.
  • Work with DBAs to identify data fields for encryption and architecture for deployment.
  • Build out a training program for developers and serve as application Security “evangelist” for the corporation, implementing security practices in our product line SDLC.

 

Qualifications:

  • Bachelor’s degree in Computer Science, Computer Engineering or related field
  • Must have 9+ years of work-related programming and debugging of web applications in either Java, ASP, or C#.
  • Must have 3+ years’ experience with Information Security
  • Deep understanding of HTTP protocol. Must be able to address/debug issues with only HTTP stream for review.
  • Demonstrated expertise in analyzing intelligence information and technical data to identify exploitation opportunities to develop real-time solutions to mitigate immediate issues and interpret results to guide long-term security architecture.
  • Ability to obtain a US DOD Security clearance is required
  • Understanding of Engineering maturity models
  • Ability to architect defensive countermeasures and mitigation strategies.
  • Self-starter must be able to work independently.
  • Good customer service with strong oral/written communication skills.
  • Must be self-motivated and be capable of handling multiple tasks and projects simultaneously.

 

Preferred/Additional Skills:

  • Ability to reverse engineer malware and questionable executables.
  • Knowledge of Oracle and/or SQL highly desirable
  • CISSP or GIAC
  • Knowledge of FISMA, NISPOM, NIST, PCI, HIPAA, ISO 27000 and SOX
  • MS preferred.

 

This position requires the candidate to be able to obtain a Top-Secret security clearance. To obtain a clearance, you need to be a US Citizen and show proof of citizenship.

Posted On: Tuesday, Jan 30, 2018

    Apply to This Job

    Please take a moment to complete the following Candidate Profile form. All information provided will be kept strictly confidential and will not be disclosed to a potential employer without your prior verbal approval.

    Note:* Indicate Required Field