Job Description:
The IT Security Engineer function is essential to the delivery of secure code and highly effective IT security practices. The needs of the Business require that Verizon's desktop, mobile, and call management applications flawlessly protect our customers’ personal information. Applications must be delivered without security vulnerabilities that could lead to cyber incidents and without unnecessary exposure of our customers’ data.

The goal is an IT delivery organization that enables the best possible experience for our business partners and customers. The IT Security Engineer needs to thoroughly understand and be able to explain the applications’ inherent risks, potential threats, and secure coding improvement requirements, and to participate in the security training, discipline, repeatable processes, and overall security maturity of the organization’s resources.

The IT Security Engineer must have the security domain expertise, technical expertise, leadership skills, communication skills, and negotiation skills to work with application project and development teams throughout the entire software development lifecycle to build security into applications produced.
The IT Security Engineer will also be expected to coach the IT development team to broaden their knowledge of best-in-class DevSecOps-enabled security techniques and the latest IT security tools and trends.

Responsibilities:

Work with development teams to employ a secure architecture
Provide education and guidance about secure coding practices
Ensure compliance with Policies, Standards, Requirements, and Directives
Schedule, scope and prioritize security assessments of applications
Assess applications for vulnerabilities using manual and automated methods, such as threat modeling, code reviews, tool scans and penetration testing
Identify, document, rate, and communicate vulnerabilities in terms of Confidentiality, Integrity and Availability to multiple audiences
Reproduce, demonstrate and retest vulnerabilities
Provide guidance and direction on remediating vulnerabilities
Maintain awareness of security issues amongst the development community, summarize the incidents for internal resources, and determine proactive steps to reduce internal risk
Continually improve the secure development process and environment

Required Qualifications:

Understanding of the Software Development Lifecycle (SDLC)
Understanding of multi-tiered architecture
Passion for application security
Process oriented
Ability to describe vulnerabilities and application security concerns to both technical and non-technical persons
1-3 years of hands-on technical experience developing and testing apps in .NET or Java
3-5 years application security experience
Experience performing architecture reviews and threat modeling
Experience with cloud security: Amazon AWS, Windows Azure

Preferred Qualifications:

Experience with SAST tools such as Fortify, Veracode, Checkmarx
Experience with DAST tools such as IBM AppScan, HP WebInspect, Acunetix, Qualys WAS, Zap, Burp
Experience with Open Source Software security tools such as Black Duck and vulnerability remediation guidance
Familiarity with infrastructure scanning tools such as Nessus and vulnerability remediation guidance
Ethical hacking certification
GIAC GWAPT, GSSP, or GWEB certified


Client: Telecom

             
