Software Security Engineer

SOFTWARE SECURITY ENGINEER

The Software Security Engineer is responsible for analyzing software designs and implementations from a security perspective along with identification and resolution of security issues. The Security Engineer includes the appropriate security analysis, defenses, and countermeasures at each phase of the software development lifecycle to result in robust and reliable software.

Duties and Responsibilities include but are not limited to the following:

• Implement, test, and operate advanced software security techniques in compliance with technical reference architecture.
• Develop and implement security solutions to protect against threats like SQL injection, cross-site scripting (XSS), and other common attack vectors.
• Organize and perform ongoing security testing and code review to enhance software security.
• Troubleshoot and debug security issues that arise.
• Prepare and provide engineering designs for new solutions to help mitigate software vulnerabilities.
• Contribute to the team’s work at all levels of architecture.
• Prepare and maintain technical documentation.
• Consult and provide leadership to the organization with secure coding practices.
• Stay informed and develop competence with new tools and best practices.
• Perform daily duties aligned with the company's Information Security Policies and Procedures.
• Ensure that Information Confidentiality, Integrity, and Privacy are always maintained when processing information assets.

REQUIREMENTS QUALIFICATIONS

• BS degree in Computer Science or related field
• 3 years of experience as a software security engineer
• Strong understanding of common security protocols and standards (e.g., SSL/TLS, OAuth, OWASP)
• Detailed technical knowledge of techniques, standards, and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities, and remediation
• Software development experience in at least one of the following core languages: PHP, .net
• Superior knowledge of web-related technologies (Web applications, web services, and service oriented architectures) and network/web-related protocols
• Detailed understanding of all aspects of security research and development

PREFERRED QUALIFICATIONS

• Industry certifications such as Certified Information Systems Security Professional (CISSP), Certified
• Ethical Hacker (CEH), or Offensive Security Certified Professional (OSCP)
• Experience with cloud security and containerization technologies
• Knowledge of secure software development methodologies such as DevSecOps.
• Familiarity with regulatory compliance requirements such as GDPR, HIPAA, or PCI DSS (or similar)