Job Description :
Position: Information Security Professional
Location: Burlington MA
Should be comfortable to come for F2F interview (expenses can be reimbursed if the candidate is non-local)
Seeking a cyber security professional to join our Product Security Team and be a member of the Security Event Response Team. As part of this team you will help secure and defend our products from the constantly evolving threat landscape of both the traditional on-premise as well as the cloud based SAAS worlds.
Responsibilities
As a member of the Product Security Team you will:
Work with Development and QA to ensure adherence to SDLC by providing guidance and implementation, and testing advice, with an emphasis on a shift left philosophy.
Promote SDLC adoption, by monitoring SCA, Static Analysis, and Dynamic testing results.
Contribute to product security by participating in design and code reviews in security related areas.
Work with the security architect to design and implement Secure libraries, like common crypto module, and Safe-C and Safe-J API libraries.
Perform security audits of code and collaborate with the Security Architect to perform threat analysis through Threat Modeling and penetration test scenarios.
Stay abreast of security development practices, including the research of current and evolving trends.
Monitor industry blogs and mailers to stay up to date with the latest emerging threats and remediations.
As a member of the NetBrain Security Event Response Team you will:
Manage cases of Customer reported or internally found vulnerabilities,
o Determining if our products are vulnerable
o If so determine proper course of remediation and create a defect tracking case for development.
o Participate in the crafting of a response to the reporting customer, as well as a general advisory for all customers.
o Coordinate the creation of patches for field release and fixes in current production.
o Ensure posting of the patches, and the security advisory are synchronized.
Qualifications
Bachelors in Computer Science or related field
A good working knowledge of tools like BlackDuck, Whitesource, Coverity, SonarQube, AppScan, AppSpider, QualsysGuard, etc.
Experience with security concepts, including:
o Authentication and authorization (including MFA)
o Current ‘strong’ cryptography algorithms, as well as legacy ‘weak’ crypto algorithms.
o Secure coding practices and Secure Development Life-Cycle (SDLC)
o Application security concepts
o Familiarity with network and web security wire protocols such as TLS, IPSec etc.
o Operating systems hardening
Security-focused design and coding skills
Experience advocating for technical security solutions across functional domains
3+ years of industry experience architecting and implementing security features and solutions
5+ years of native code development ( C/C++) or 5+ years of 3GL such as C#, Java, or Python
Experience with security engineering solutions
Desirable (non-essential) skills:
Ability to design and execute automated penetration testing modules to detect vulnerabilities during build time, coming up with innovative ways to integrate security into the SDLC.
Experience working in an ISO 27001 environment.
Familiarity with compliance standards such as, PCI DSS, Common Criteria, SOX, HIPPA, FIPS 140-2, FEDRAMP requirements, etc.
Experience security testing automation and hardening of applications is very desirable.
Exposure to Public Key Infrastructure (PKI) management including AWS KMS, Hashicorp Vault, and Gemalto SafeNet KMS
Experience working in a SaaS as well as a traditional Fullstack environment.
Recognized security certifications are highly desirable (CISSP, CISA, GIAC, CEH and others)