Job Title: Engineering - Product Security - Security Software Engineer
Duration : 12 months
Location : Ny/NJ
Rate : Open (DOE)
Duties: Security Software Engineer
Your Impact
Product Security Engineering within Core Engineering is responsible for providing an opinionated, standardized set of tools and services to enable building of secure applications at the firm. The hiring team is primarily responsible for designing and implementing core Secrets Management solutions for the firm's internal and public cloud technology. We help secure the firm's systems and software by providing solutions that allow our software engineering teams to easily and reliably safeguard their applications.
Are you are a software/systems engineer or security engineering specialist looking for a role where you can have broad-reaching positive impact and are enthusiastic about security, authentication, cloud, and cryptography, with a minimum of 2 years' engineering experience? You will be a good fit if you have…
How will you fulfill your potential?
Build software libraries and services to provide secure-by-default services to software engineering teams, including authentication systems, secrets management solutions, endpoint control solutions, and cloud controls
Partner with colleagues from across technology and risk to ensure an outstanding, useable and unobtrusive experience for owners and users of secrets
Collaborate on feature design and problem solving
Help to provide frictionless integration with the firm's runtime, deployment and SDLC technologies
Manage the full lifecycle of software components, from requirements through design, testing, development, release and demise
Help to communicate and promote best practices for security engineering across the firm
Engage in production troubleshooting
Skills: Basic Qualifications
A strong grounding in security concepts, including core cryptography, secure coding practices and principles of authentication and secrets management
A good understanding of PKI, X.509, key exchange protocols, and authentication protocols, including token-based authentication
The ability to reason about performance, security, and process interactions in complex distributed systems
Proficiency in designing, developing and testing cross-platform software in one or more of Java, C++, C# or golang; open to using multiple languages
Experience developing, deploying and supporting software across the full Continuous Delivery life-cycle
Sound SDLC and practices and tooling experience - version control, CI/CD and configuration management tools
The ability to understand and effectively debug both new and existing software
Experience meeting demands for high availability, low latency and scale
The ability to communicate technical concepts effectively, both written and orally, as well as the interpersonal skills required to collaborate effectively with colleagues across diverse technology teams
Preferred Qualifications
Experience using and/or supporting Hashicorp Vault and/or Consul in production
Experience with containerisation - Kubernetes/Docker
Experience with open source, web authentication solutions
Experience monitoring, measuring, auditing and supporting software
Scripting skills using Python, PowerShell or Bash
Experience with Terraform, Freemarker, Kubernetes and Docker
Experience with AWS and OPA
Familiarity with OIDC Authentication
Experience with Golang, RHEL administration and systemd, Freemarker, GitLab, HAProxy
Experience with Windows Administration (2008 – 2012) administration, IIS, LDAP/AD LDS and AngularJS