Job Details

Senior Application Security Engineer

NEW YORK-10005, NY, US
10/03/2018

Required Skills

functional programming

Company

Infinity Consulting Solutions, Inc

Job Description

Application Security Engineers partner with the Product and Engineering teams to improve the security of our software and products.

They ensure the security of their platform and applications from design to implementation and operations, in our environment and those of our clients.

By implementing secure coding and application security best practices across the SDLC, they facilitate the delivery of a unique DLT platform with world-class robustness and security properties.

What We Are Using:

Java and Scala for backend development, Haskell for DSL tools and formal methods

Agile/Scrum and modern software engineering practices (SBE / TDD / CI / CD etc.)

Cloud services, containers for rapid deployment

SonarQube, Veracode and other tools for code analysis

Key Responsibilities:

Partner with the Engineering and Product teams to define identity management, PKI and HSM implementations, implement secure coding practices, design customer-facing application security features and ensure that security is an integral part of the design and implementation of the product roadmap.

Work closely with the platform architecture team and software engineering teams throughout the entire SDLC to ensure that security concerns (including confidentiality, integrity and availability) are taken into account during design, development, testing, implementation, and deployment.

Identify emerging vulnerabilities, risks and threats during design iterations and provide appropriate mitigation strategies

Perform vulnerability assessments, source code reviews and open source management

Assist engineering teams in feature design and threat modeling

Drive source code security black-box testing, penetration testing, distributed system integrity and build system hardening

Maintain, validate, and communicate the products' threat model, security properties, and trust model

Help secure infrastructure and services by identifying and tracking outstanding risks

Educate software engineers on secure coding techniques and application security best practices.

Monitor developments within the application security industry to continually advance and mature our internal practices and processes.

Requirements:

Ideally, 10+ years of experience as a hands-on security engineer, working in a globally distributed development environment.

Experience working with product managers to define and drive the product security vision, as well as building and validating sound security foundations.

Proven history of delivering high-quality, increasingly complex, commercial software products to a global market.

Minimum of 5 years of hands-on security and application design experience, with a focus on security capabilities (confidentiality, integrity and availability), delivering mission-critical technology to the enterprise software market using Agile methodologies.

Strong command of distributed systems development.

Deep understanding of secure coding practices, penetration testing and the OWASP Top 10.

Experience with recovery-oriented computing techniques to develop systems that detect and gracefully recover from system failure.

Advanced understanding of high-performance and high-availability coding techniques.

Experience developing software targeting Linux and Windows environments, including an adept ability to incorporate open source software as appropriate.

Strong understanding of embedding security into the development lifecycle and advocacy of security best practices across Engineering.


Familiarity with and interest in functional programming, formal specifications and verification; ideally with experience using Java, Scala, Python and Haskell.

Continuous learning mindset, including learning new programming language paradigms.

Servant leader who drives security processes and themes by example, through tools, and with automation.

Confident and "all in" mentality.

Strong commercial orientation with a deep passion for customer-driven design and development throughout the SDLC.

Collaborative approach that factors in, embraces and insists upon diverse perspectives as a strategic imperative.

Open, strong communicator who communicates effectively across groups, locations and cultures, in-person and virtually, and can advocate for security best practices within the security engineering group.

Continuous growth mindset with strong disposition toward innovation and intrapreneurial ways of working.

Courage of convictions with a high degree of humility. Embraces constructive feedback and is resilient.

BS, MS or PhD in computer science or a related discipline.



Application Engineer
Information Technology

No Preference
FullTime Job
Other
1

Recruiter Details
Doug Klares
1350 Broadway, Suite 2205, NEW YORK-10018, NY, US