Senior Software Security Engineer
This job is no longer active.
View similar jobs.
POST DATE 8/27/2016
END DATE 10/8/2016
CSG Systems, Inc.
JOB DESCRIPTION11107 Senior Software Security Engineer (Open Date: 08/26/2016)
SW - Development Services
CSG International is hiring a Senior Software Security Engineer to focus on software development practices and improving the security aspects of delivered applications. This person will join a cross organizational software security team and work closely with product and software development teams to ensure CSG delivers secure products and solutions. The successful candidate must be passionate to learn and share, and work well in a fast-paced collaborative environment.
What you will do:
* Threat model application architecture, identify required control points in the application, and provide software and solutions design direction
* Consult with development teams on systems architecture and design security
* Conduct vulnerability and application penetration testing and static code scanning to evaluate potential security weaknesses and manage resulting issues requiring remediation
* Mentor software development teams in remediation of identified security weaknesses
* Review and evaluate the security impact of proposed changes to software systems
* Research and stay abreast of the latest threats
* Evangelize security and secure development practices
* Verify applications are developed and maintained in line with data security policies
* Make recommendations for enhancements to existing security tools and practices, as well as for new security tools and practices.
* Bachelor's Degree in Computer Science, Information Security, or related field
* 7 years of software development experience
* 3 years of C# and/or Java development experience
* 3 years of secure application development experience
* 3 years of experience with software security assessment using static code analyzers, dynamic application penetration tools, and attack surface analysis and threat models
* Solid knowledge of Internet and Mobile technologies and architectures
* Ability to coach developers and product management at all levels in improving product security
* Plus skills:
* Understanding of regulatory environments and compliance and their impact on software development, including PCI DSS, HIPAA, SOX
* Additional industry certification (GSSP, CEH, CPT)
* Knowledge of PKI architectures and implementation
* Understanding of network technology and protocols (TCP/IP, VPNs, Firewalls, IPS, IDS, and DNS)
* Knowledge of industry secure development frameworks such as Microsoft SDL or OpenSAMM
* Experience developing software on an agile team (XP, Scrum, TDD, etc.)
* CISSP or other relevant security or privacy certification is preferred