sr. security engineer ( java, software dev, experience required) jobs



Company Culture: https://www.themuse.com/profiles/cofense

Cofense provides end-to-end cyber-defense solutions that help protect organizations and their people from the vast and growing threat posed by phishing-related attacks. We're expanding rapidly and looking for talented engineers, like you, that care about building great products that solve big problems.

Our engineers work on products that make a difference in the world! From petty financial crimes up through major extortion & election hijacking events, many social engineering attacks start with phishing emails. We also build state of the art tools for IT and security operations centers, helping them identify & kill phishing attacks for large enterprises and organizations. 
 
The Sr Application Security Engineer is responsible for assisting the Development, Production Engineering, and Security Operations teams with application-level security assessment and threat mitigation.

Essential Duties/Responsibilities
  • Actively participate in the development of software as a member of a Scrum team
  • Participate in the review of the merge requests from Development and Production Engineering teams to proactively address security concerns before changes are merged to master
  • Actively participate in our agile life-cycle, including planning, grooming, daily stand-ups and retrospectives.
  • Use static code analysis tools to harden the software.
  • Develop and evangelize secure programming standards
  • Perform security focused design reviews considering elements such as: protocols, encryption, data storage, and business logic
  • Validate, address, and document responses to security findings from third-party penetration testing engagements
  • Other duties as assigned
Education and/or Experience:
  • Able to demonstrate an understanding of JAVA programming skills and are comfortable learning new languages.
  • Previous professional, full-stack app-dev experience preferred
  • Have used static analysis security audit tools preferred
  • Experience using CI environments (Jenkins/Docker) preferred
  • Experience performing threat modeling
  • Experience with security incident response activities
  • Experience penetration testing and the usage of web proxies for manual vulnerability assessment
  • Customer support experience (retail, help desk, consulting, etc.) preferred

Knowledge, Skills and Abilities Required
  • Passionate about application security and development
  • A self-starter who can identify work that needs to be done without waiting for direction
  • Able to write code that is intentional and readable, rather than magically obscure
  • Enjoy tinkering
  • Ability to list and demonstrate examples of the OWASP Top 10 preferred
  • Familiarity with TDD/BDD preferred
  • Working knowledge of AWS or other cloud computing platforms preferred
  • Familiarity with proxies, firewalls, mail infrastructure, and other solutions commonly seen in large enterprises preferred
  • Experience with secure code quality practices and tooling to support quick engagements and rapid analysis - static analysis tools (Coverity, Checkmarx, or similar), dynamic scanning (Rapid 7, AppSpider, or similar), Fuzzing (AFL, Peach, or similar) and code coverage (Bullseye, LDRA, etc) preferred
  • Comfortable mentoring engineers that are globally distributed.
  • Understand OS concepts such as scheduling, interrupt handling, virtualization of computing resources.
  • Comfortable working independently but able to escalate problems when necessary
  • Demonstrate strong oral and written communication skills
  • Willing to mentor and guide fellow team members kindly and constructively
  • Enjoy sharing knowledge via documentation
  • Happy to travel occasionally for team meetings and events
  • Able to write PoC code and documentation that clearly demonstrate vulnerabilities
  • Proficient with (or able to quickly learn) automation tools such as Selenium
  • Able to find solutions to challenging technical puzzles with atypical constraints
  • Able to effectively use git and understand common SCM workflows
Education and/or Experience:
  • Bachelor’s degree preferred.
  • Previous professional, full-stack app-dev experience preferred
  • Have used static analysis security audit tools preferred
  • Experience using CI environments (Jenkins/Docker) preferred
  • Experience performing threat modeling
  • Experience with security incident response activities
  • Experience penetration testing and the usage of web proxies for manual vulnerability assessment
  • Customer support experience (retail, help desk, consulting, etc.) preferred

The above statements are neither intended to be an all-inclusive list of the duties and responsibilities of the job described, nor are they intended to be a listing of all of the skills and abilities required to do the job. Rather, they are intended only to describe the general nature of the job. This job description is not a contract of employment, either express or implied. Employment with Cofense will be voluntarily entered into and your employment is considered at will. Cofense reserves the right to alter the job description at any time without notice.

Cofense is committed to equal employment opportunity. We will not discriminate against employees or applicants for employment on any legally recognized basis [protected class] including, but not limited to: veteran status, uniform service member status, race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age, physical or mental disability, marital status, genetic information or any other status or characteristic protected by applicable national, federal, state or local laws and ordinances. We adhere to these commitments in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, and discipline.