Job Description:
Security Engineer

Location is Dearborn, MI

12 months Contract

Phone then in-person

The Security Engineer for web application and vulnerability management security will work with the Information Security team, Business team, Technology team, Clients and Partners. The position is responsible for performing reviews and security testing as part of the System Development Life Cycle (SDLC) process and Information Security’s defined schedule. Work is performed within guidelines set by management regarding the development life cycle, version control, source code equity, documentation, security testing, code “walk-through” verification, secure code deployment, and team collaboration.

Essential Job Functions:

· Collaborate with FordDirect Business, Technology, Service Providers and Partners, Ford IT to capture requirements and proactively identify security risks in system design and implementation;

· Analyze documentation and specifications for any new applications and systems under deployment or consideration to determine their intended functionality;

· Define system and security requirements flows and interfaces based on customer needs;

· Perform web application scanning/application security assessments and assist with vulnerability scanning and reviews;

· Perform manual application testing to identify vulnerabilities or deviations from software standards;

· Discover, categorize, and analyze vulnerabilities, recommend/develop remediation or mitigation strategies, and escalate the security issue to the appropriate internal department;

· Define and collect security metrics to provide updates on how the project is progressing and whether the deliverables produced are acceptable;

· Assist with secure code development training for developers, quality assurance personnel and relevant team members;

· Work with the Information Security Architect to validate security designs associated with all infrastructure projects;

· Safeguard the company’s assets;

· Adhere to the company’s compliance program;

· Maintain comprehensive knowledge of industry standards, methodologies, processes, and best practices;

· Maintain a focus on customer-service, efficiency, quality, and growth;

· Keep up to date with latest technology trends.

· Source and assess external resources to support IT and company stakeholders.

· Other duties as assigned.

Minimum Qualifications and Job Requirements:

· Bachelor’s degree in Computer Science, Information Technology or related discipline or the equivalent technical training and work experience;

· Must have at least 3 - 5 years of secure infrastructure experience, preferably in security domain;

· Professional security certifications such as CISSP, GWEB, GPEN, and GWAPT, etc. are preferred;

· Must have several years’ experience working on IT projects through discovery and delivery phases throughout the SDLC;

· Knowledge of Web Application Security and languages such as HTML, Java, and .NET;

· Experience working with communication protocols such as TCP/IP, X.509, SSL, TLS, and SFTP;

· Experience with Web Services/SOAP/XML/PKI/Web API/AAA/ESB and their associated security-related features;

· Experience with: Web Application Firewall (WAF), Public Key Infrastructure (PKI), SOC II Type II remediation and support;

· Must have strong analytical and problem-solving skills;

· Knowledge and hands-on skills with application security testing tools such as HP Fortify (SAST), Rapid7 AppSpider (DAST), Burp Suite and Zed Attack Proxy;

· Knowledge and hands-on skills with threat identification, vulnerability validation, and a thorough understanding of issues and risks documented in the 2017 OWASP Top Ten;

· Knowledge and hands-on skills with vulnerability and threat analysis discovery tools, preferably Qualys;

· Must have advanced knowledge of project life cycle methodology and procedures;

· Must have excellent verbal and written communication skills and experience developing presentations to peer groups and associates.
             
