Senior Principal Information Security Software Engineer
Industry: Aerospace / Aviation / Defense
Job Category: Information Technology – Security
Job Description:
The Information Security Software Engineer is responsible for the security architecture, strategy and policies governing application deployment.
- This individual will be required to work across the corporation and various levels of engineering and management to identify and set direction.
- In-depth knowledge of PKI (public key infrastructure)
- Must have proven ability to present decisions to Executive Management and technical specialists for consensus building across the corporation.
- Must demonstrate mastery of hands-on software engineering and information security competencies to be considered for this position.
- Some travel will be required.
- Responsible for architecting web application security controls across the corporation, including web application firewalls (WAFs) and the databases behind information systems.
- Develops, implements, enforces and communicates security policies and plans for data categorization, software applications and databases.
- Must possess Executive Management potential.
- Serve as a mentor to Jr. Security Analysts/Engineers, including regular seminars on topics of interest and knowledge gained from attending industry conferences.
- Must know the OWASP Top 10 and be able to influence others to follow it without direct line authority.
Tasks:
- Utilize code scanning tools to identify risks in applications prior to deployment. Work with development teams to address the identified risks and their mitigations.
- Develop the security architecture for web applications, including web design and the selection of web application firewalls (WAFs). Create WAF rules and exceptions and mitigate known risks.
- Review logs and reports from the deployed architecture to identify potential exploits. Work with application teams to repair exploited code.
- Work on Merger and Acquisition teams to identify all Internet-facing web applications and integration/migration plans for acquired assets.
- Lead external third-party security testing/penetration testing.
- Work with the Incident Response Team (IRT) to analyze code (executables, JavaScript, PDF, etc.) to determine its purpose and its impact on computing resources.
- Work with product line engineering resources to ensure that all products delivered to customers are secure.
- Work with DBAs to identify data fields requiring encryption and the architecture for deploying it.
- Build out a training program for developers and serve as application Security “evangelist” for the corporation, implementing security practices in our product line SDLC.
Qualifications:
- Bachelor’s degree in Computer Science, Computer Engineering or related field
- Must have 9+ years of work-related experience programming and debugging web applications in Java, ASP or C#.
- Must have 3+ years’ experience with Information Security
- Deep understanding of the HTTP protocol. Must be able to diagnose and debug issues with only the HTTP stream available for review.
- Demonstrated expertise in analyzing threat intelligence and technical data to identify exploitation opportunities, develop real-time solutions that mitigate immediate issues, and interpret the results to guide long-term security architecture.
- Ability to obtain a US DoD security clearance is required.
- Understanding of Engineering maturity models
- Ability to architect defensive countermeasures and mitigation strategies.
- Self-starter who is able to work independently.
- Good customer service with strong oral/written communication skills.
- Must be self-motivated and be capable of handling multiple tasks and projects simultaneously.
Preferred/Additional Skills:
- Ability to reverse engineer malware and questionable executables.
- Knowledge of Oracle and/or SQL is highly desirable
- CISSP or GIAC
- Knowledge of FISMA, NISPOM, NIST, PCI, HIPAA, ISO 27000 and SOX
- MS degree preferred.
This position requires the candidate to be able to obtain a Top Secret security clearance. To obtain a clearance, you must be a US citizen and show proof of citizenship.