This position will be responsible for regular code reviews, improving the secure development and testing procedures, investigating reported product vulnerabilities and prioritizing remediation or mitigation efforts.
- Threat Modelling – work with the development teams to ensure that threat modelling is performed for all product updates and enhancements
- Incorporate automated and manual security testing (SAST/DAST/SCA/fuzz testing) into all product pipelines. Perform manual penetration testing using advanced tools
- Participate in the Product Security Incident Response effort for all One Identity products. Assess reported or discovered vulnerabilities and prioritize remediation.
- Develop and/or improve, maintain, and monitor Secure Build infrastructure to ensure the security and integrity of application code delivered to customers
- Work with development teams, and provide training to Security Champions and other R&D personnel to continue to shift security left
- Maintain knowledge of application security related vulnerabilities, including cryptographic implementations and mitigation strategies
- CISSP or equivalent
- Experience with security testing tools.
- Experience securing cloud applications and infrastructure, particularly in Azure
- Extensive knowledge of cryptographic algorithms and key management practices
- Deep knowledge of OWASP Top 10, CWE Top 25, common programming errors, and the ability to assist developers in preventing or correcting them
- Able to gain trust from and communicate effectively with deeply technical software development engineers
- Written and spoken fluency in English
- CEH, OSCP, GPEN, CompTIA PenTest+ or equivalent certification
- Deep experience with Coverity/Polaris, WhiteSource, Acunetix, and numerous manual testing tools such as Burp Suite, Wireshark, SQLMap, Nmap, Metasploit, sandboxing tools, etc.
- Experience integrating security into an Agile environment
- Ability to author and/or critique procedures, white papers, security guides
The ideal candidate is a highly motivated individual who can work as part of a team or independently as required by the circumstances. Must have a strong interest and background in secure coding techniques, as well as the ability to assess and appropriately prioritize security vulnerabilities. Deep experience using security testing tools.
Please contact Charlie Goldsmith via email@example.com for further details.