Senior Principal Application Security Engineer

Serve as a Security Expert in secure application, design and deployments in a highly dynamic multi-product environment. Research, designs and enable new processes and technologies, architectures, and security products that will secure our products through its development life cycle.

KEY RESPONSIBILITIES:

- Work closely with the product development teams to ensure that our product platforms are secure.
- Ensure that products and services are designed and implemented with security in mind.
- Fluent in OWASP top 10, but also applies practical knowledge of application development security challenges.
- Leverage Agile Software Development process and technologies.
- Use understanding of secure code development, standards and metrics.
- Work with the product development teams to identify, publish and enable application development security standards, best practices, and patterns.
- Analyze application security incidents, review findings, and determine impacts. Drive remediation of issues identified through internal and external security testings.
- Contribute to the development and maintenance of global information security strategy.

REQUIREMENTS/SKILLS:

- At least 4 year of experience in application-level vulnerability testing and auditing
- At least 6 years of overall application security experience
- At least 4 years of experience involvement with development team(s) that delivered commercial software or software-based services (development, QA testing, or security role)
- Excellent knowledge of Java and C/C++ application security
- Experience with code vulnerability scanning and remediation
- Strong experience and detailed technical knowledge in security engineering, system and network security protocols, cryptography, and application security
- Experience with service-oriented architecture and web services security desired
- Experience with the application of threat modelling or other risk identification techniques
- Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploit
- Development experience in C, C++ and/or Java
- Scripting skills (eg, PERL, Shell Scripting)
- Knowledge of network and web related protocols (eg, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Application security protocols including SAML, OAuth, XCAML, OpenIdentity, etc.
- Excellent written and verbal communication skills
- Excellent leadership skills and teamwork skills
- Results oriented, high energy, self-motivated

This assignment is expected to be 6 months in duration.