Security Engineer

Job Title

Security Engineer

Location

Remote/Basking Ridge NJ 07920

Manager Note

Description:

***Supplier Due Diligence Questionnaire must be completed with each candidate submission attached to posting.

1. Describe in detail a recent experience where you performed similar functions to this position. Specifically focus on application securityrelated experiences.

1. Why are you interested in this position

1. How would you rate your technical expertise in application security (110 10 being an expert) and why

1. Which would you rate higher and why your verbal communications or your writing skills

1. What is your current timeframe for finding a position

1. Do you have a preference for a contract position or a fulltime position and why

1. In what situations do you find yourself most challenged

1. In what situations do you find yourself most successful

1. What conditions or situations would most likely cause you to leave a position/job

1. What are some of the feedback/reasons you received for not being accepted for a position in the recent past

Detailed Job Description

What youll be doing...
The Verizon Product Security Team ensures security by design product engineering and architecture for both consumer and business products. As a Product Security Engineer you will work to conduct security assessments on both Consumer and Business products and solutions. You will help to create define and implement security controls and tooling in conjunction with product development teams and product owners. You will manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements.

You will also work in conjunction with security stakeholders in other areas of the business and make decisions and help lead initiatives to ensure timely delivery of security solutions that support business objectives. You will also manage work that involves coordination with multiple organizations and is the focal point within the group.

Help implement Secure Software Development Lifecycle (SSDLC) practices and use automation where possible
Work with the product teams to perform security design/code reviews and vulnerability assessment
Provide security guidance to Engineering and Product teams.
Build threat models and participate in risk assessments for new features and services.
Create application threat models and provide guidance on effective countermeasures
Contribute to security architecture and assist in building and rolling out processes for secure code development and deployment involving cutting edge technology
Provide subject matter expertise on encryption security controls and secure design and programming practices across the technology organization
Contribute to security policy standards and guidelines related to Information Security
Evaluate and operationalize new technologies for securing the organization
Help create product security inventory and product security lifecycle to align with standards.
Train and mentor new hire and Jr Product Security Architects.
Train and mentor Security Champions throughout the development
Share thought leadership in the product and application security space
Create security user stories and security test cases for products that are tailored to the product attributes and technology
Support and advise product owner and product development teams by ensuring technical and architectural feasibility readiness and compliance.
Experience with secure SDLC governance and compliance for PCI FedRAMP and NIST

What were looking for...
Youll need to have:
Bachelors degree in a relevant field (Computer Science Software Engineer Security or others) OR an equivalent combination of education training and experience
Experience with performing security requirements analysis to secure the deployment of large globally distributed platforms building threat models do design reviews and document relevant mitigation techniques implementing security best practices applying applications security design patterns.
Experience with any combination of at least 3 technical disciplines including the following: Cloud Security Penetration Testing Application Security Mobile Security Secure Development methodologies Software Development and Coding.

Even better if you have:
Good understanding of mobile application security
Experience with hands on application penetration testing
Experience securing cloud services like AWS Azure or GCP
Understanding of Docker Kubernetes and CI/CD pipeline
Hands on experience on security testing like SAST DAST and Pen testing
Understanding of OWASP Top 10 CIS Top 20
Understanding of authentication protocols like OID OAuth2.0 SAML
Knowledge of application security vulnerabilities secure coding and countermeasures.
Written and verbal skills for communicating security concepts and solutions.
Ability to prioritize between and execute on multiple work streams.
Experience with application programming and the overall software development life cycle.
Excellent organizational and interpersonal skills.
One of more of the following certifications: CISSP CISM SANS CCSK CCSP Ethical Hacker cert.