ITEL Laboratories

Software Security Engineer

ITEL Laboratories, Jacksonville, Florida, United States, 32290


Job Details

Job Location: Jacksonville, FL

Remote Type: Fully Remote

Position Type: Full Time

Description

JOB SUMMARY

The Software Security Engineer will be responsible for designing, implementing, and maintaining security measures for our software applications. This role involves identifying potential security vulnerabilities, developing strategies to mitigate risks, and ensuring compliance with industry standards and regulations.

KEY RESPONSIBILITIES

- Work closely with development and product teams to integrate security into the software development lifecycle (SDLC), including software designs, security tests, and code reviews.
- Ensure security is considered at every stage of the development process, from design to deployment.
- Provide guidance and best practices for application integration into cloud environments such as AWS / Azure.
- Assist in developing and enforcing a set of fundamental, sound, and secure software development processes based on established practices from NIST, OWASP, and others. (Review and Publish Release Notes)
- Collaborate with product managers to incorporate security features and enhancements into product roadmaps. Ensure security is a key consideration in product planning and development.
- Design, implement, and operate information security programs such as Secure Software Development Program and Data Protection Program.
- Facilitate cross-functional collaboration between InfoSec, development, and product teams to address security challenges and align security goals with business objectives.
- Conduct thorough security reviews, both internal and external where necessary, of application code developed by the product and development teams.
- Identify potential security defects and recommend necessary changes to mitigate risks.
- Assess current and newly developed code for security vulnerabilities using dynamic and static analysis techniques.
- Work with software engineering teams to fix vulnerable code by providing guidance on secure coding practices and industry best practices.
- Provide expertise on authentication, entitlements, identity management (SSO), data leak prevention, data protection, encryption, etc. to developers.
- Design and implement technology and processes to reduce the potential risk of data compromise and leakage.
- Evaluate system designs from a security perspective, ensuring they adhere to best practices and compliance requirements. Provide feedback to development teams to enhance security measures.
- Participate in Incident Response events: assist in responding, minimize the impact, conduct a technical and forensic investigation, and gather and preserve evidence for potential use in the prosecution of computer crimes.
- Monitor, analyze, respond to and resolve security alerts, incidents, attacks or platform issues and assist in workstation, server systems and networking triage.
- Understand and identify advanced cyber threats and provide strategies to defend against these threats.
- Provide support to Information Security team members, IT Operations and business staff as assigned and required with regards to information security activities.
- Assist with implementing and enforcing IT security policies and procedures across the organization.
- Identify, select, propose, and implement security solutions for protecting the organization's most sensitive data. Solutions may include Data Loss Prevention (DLP) systems and database monitoring and anomaly detection systems (e.g., Guardian, Imperva).
- Drive the evaluation of solutions, selection of technologies and enact strategic decisions based on established standards and existing architecture.
- Partner with MSSP, MSP and other technology vendors to implement security solutions and, for those solutions, maintain the software, hardware, and systems making up the enterprise security stack.
- Assist with the deployment, maintenance and support of IT security systems and applications across the enterprise.

ROLE QUALIFICATIONS

EDUCATION & EXPERIENCE

- Bachelor's degree in a computer-related engineering field.
- At least two (2) to five (5) years of progressive industry experience.
- At least one (1) language from the set {.NET, Python, C/C++, TypeScript}.
- Microsoft Certified Azure Security Engineer (AZ-500) certification.
- Experience with AWS and Google Cloud environments.
- Proficiency in Azure Sentinel for threat detection, investigation, and response.
- Knowledge of security development, network security, and cloud security.
- Experience with improving DevSecOps maturity levels of the overall development process.
- Implementation of credential scanning tools like GitGuardian in the CI/CD pipeline.
- Knowledge of integrating SAST, SCA, and scanning tools such as SonarQube, SonarCloud, Fortify, Veracode, OWASP Dependency Check, Snyk, Trivy, Checkmarx, Aqua, and Black Duck into the CI/CD pipeline.
- Implementation of security best practices for Azure cloud solutions to comply with requirements.
- Manage user access and identity using Azure AD, Azure AD B2C, and OAuth.
- Conduct risk assessments and develop mitigation strategies within the Azure environment.
- Integrate various security scanning tools (SAST, SCA, DAST) into the CI/CD pipeline for early vulnerability detection.
- Perform security testing methodologies (SAST, SCA, DAST) and analyze false positives.
- Review source code security before migration to cloud platforms.

Preferred

- Kubernetes and container technologies
- IoT or robotics technologies, including firmware, CAN architectures, and real-time operating systems

KEY COMPETENCIES

Results-Oriented:

ability to plan, schedule and organize professional schedule to achieve strategic goals within or ahead of established time frames

Adaptability to Change:

ability to be flexible and supportive, react swiftly to and able to positively and proactively assimilate change in rapid growth environment

Interpersonal Communication:

ability to choose a communication behavior that is both appropriate and effective for a given situation; the ability to understand and manage your own emotions, as well as recognize and influence the emotions of others

Team Orientation and Collaboration:

ability to successfully build and maintain collaborative relationships to work effectively together as a team through shared responsibility, respect, and empathy to complete a shared goal for a common good

Accountability:

ability to act with a clear sense of ownership; takes personal responsibility for decisions, actions, deliverables, and failures; establishes clear responsibilities and processes for monitoring work and measuring results; embraces experimentation, creativity, and positive change

Cultural Competence:

ability to understand and respect values, attitudes, beliefs, and mores of the member that differ across cultures, and to consider and respond appropriately to these differences in planning, implementing, and evaluating health programs and interventions

WORKING CONDITIONS/EQUIPMENT USE

- Work is performed indoors in a typical office environment - not substantially exposed to adverse environmental conditions.
- Must be able to lift up to fifteen (15) pounds.
- Frequent use of office machines to include telephone, computer, and printer.