Sr. Principal Information Security Software Engineer

Location: Orlando, FL
Date Posted: 03-03-2018
This position requires the candidate to be able to obtain a Top-Secret security clearance. In order to obtain a clearance, you need to be a US Citizen and show proof of citizenship.

The Information Security Software Engineer is responsible for the Security architecture, strategy and policies governing application deployment.
 
  •  This individual will be required to work across the corporation and various levels of engineering and management to identify and set direction. 
  •  In-depth Knowledge of PKI
  • Must have proven ability to present decisions to Executive Management and technical specialists for consensus building across the corporation.
  • Must demonstrate mastery of hands-on information software and security competencies to be considered for this position.
  • Some travel will be required.
  • Responsible for architecting Web Application Security controls across the corporation, including Web Application Firewalls and databases for information systems.
  • Implements, enforces, communicates and develops security policies or plans for data categorization, software applications, and databases.
  • Must possess Executive Management potential.
  • Serve as a mentor to Jr. Security Analysts/Engineers, including regular seminars on topics of interest and knowledge gained from attending industry conferences.
  • Must know the OWASP Top 10 and be able to influence others to follow it without direct line authority.
 Tasks:
  •  Utilize code scanning tools to identify risks in applications prior to deployment.  Work on development teams to address risk and mitigation.
  • Develop Security architecture for Web Applications, including Web design and selection of Web Application Firewalls (WAF).  Create rules, exceptions and mitigate known risks.
  • Review deployed architecture logs and reports to identify potential exploits.  Work with applications teams to repair exploited code.
  • Work on Merger and Acquisition teams to identify all Internet-facing web applications and integration/migration plans for acquired assets.
  • Lead external third-party security testing/penetration testing.
  • Work with Incident Response Team (IRT) to analyze code (executables, JavaScript, PDF, etc.) to determine purpose and impact on computing resources.
  • Work with Product Line engineering resources to ensure all of the customer's delivered products are secure.
  • Work with DBAs to identify data fields for encryption and architecture for deployment.
  • Build out a training program for developers and serve as application Security “evangelist” for the corporation, implementing security practices in our product line SDLC.
 Qualifications:
  •  Bachelor’s degree in Computer Science, Computer Engineering or related field
  • Must have 9+ years of work-related programming and debugging of web applications in either Java, ASP, or C#.
  • Must have 3+ years’ experience with Information Security
  • Deep understanding of the HTTP protocol.
  • Must be able to address/debug issues with only HTTP stream for review.
  • Demonstrated expertise in analyzing intelligence information and technical data to identify exploitation opportunities to develop real-time solutions to mitigate immediate issues and interpret results to guide long-term security architecture.
  • Ability to obtain a US DOD Security clearance is required.
  • Understanding of Engineering maturity models.
  • Ability to architect defensive countermeasures and mitigation strategies.
  • Self-starter; must be able to work independently.
  • Good customer service with strong oral/written communication skills.
  • Must be self-motivated and be capable of handling multiple tasks and projects simultaneously.
 Preferred/Additional Skills:
  •  Ability to reverse engineer malware and questionable executables.
  • Knowledge of Oracle and/or SQL highly desirable
  • CISSP or GIAC
  • Knowledge of FISMA, NISPOM, NIST, PCI, HIPAA, ISO 27000 and SOX
  • MS preferred.
 
 Skills and Certifications [note: bold skills and certifications are required]:
  • 9+ years’ experience programming and debugging of web applications in either Java, ASP, or C#
  • 3+ years’ experience with Information Security
  • Deep understanding of the HTTP protocol
  • Ability to obtain a US DOD Security clearance is required
  • CISSP or GIAC certification
  • Ability to reverse engineer malware and questionable executables
  • Bachelor’s degree in Computer Science, Computer Engineering or related field
  • Full-time Benefits - Full
  • Relocation Assistance Available - Yes
  • Interview Travel Reimbursed - Yes