Senior Security Engineer

Permanent Role

San Jose, California

• Perform application risk assessments and threat modeling
• Administer application vulnerability scans
• Coordinate remediation activities
• Review application security designs and make recommendations when needed
• Manage and configure security database assessment and auditing tools
• Provide consultation to various departments, RE: application security best practices
• Ensure application and network compliance to IT security policies
• Experience documenting exceptions reports, audit/review reports, technical/process recommendations, reporting of security statistics/metrics, technical standards, procedures, and guidelines, etc.

5+ yrs experience in an Application Security role. Development experience is a must as well as the ability to work with development teams to resolve issues and improve awareness around secure coding practices, including experience inserting information security controls and checkpoints into the application design process. Knowledge in standard software development applications, Windows UNIX, and database environments including SQL, DB2, Oracle and Sybase. Working knowledge of how to build secure web applications is required as well as experience using code, web and database scanners. Experience with Appscan, HP WebInspect, NESSUS, and other application assessment tools. Familiar with risk analysis and risk management methodologies. Solid understanding of application vulnerabilities and countermeasures. Must be able to provide and recommend remediation approach and not just provide vulnerability information

Certified Information Systems Security Professional (CISSP) or other Security certification strongly preferred.