Growing interactive agency has a full-time opening for a Senior Software Security Engineer. Education: 4 Year Degree BA/BS (prefer Computer Science or Electrical Engineering) Experience: Minimum 10 years work experience, 4 years of security management for web servers and databases. Minimum 2 years of experience performing static code analysis with HP Fortify. Prior professional services and/or operational datacenter experience strongly desired. Prior financial services or pharmaceutical experience preferred. Description We currently seek a Senior Security Engineer with a background in secure coding practices for financial services for our New York, NY office. Prior experience performing static code analysis, dynamic code analysis and penetration testing is required. Prior professional services experience is preferred. This position will be hands on and may require variable working hours based on project timelines, maintenance windows and on-call events. Responsibilities:
Manage code review and testing process static analysis, dynamic analysis and penetration testing
Manage vulnerability remediation discovered during code analysis and testing
Configure and harden web applications using IIS on production, stage and development environments
Primary interface to external vendors performing white hat penetration testing of our assets
Regularly monitor and scan network infrastructure and servers with tools such as Nessus
Assist with testing, defect tracking and debugging of work in process
Collaborate with software engineers, information architects and data center operations teams to design new web experiences with a focus on secure applications
Required Skills:
Expert level software engineer with experience in C#, SQL Server and .Net or Java
Application hardening experience
Expert level user of HP Fortify tools
Knowledge of OWASP standards and best practices
Working knowledge of Visual Studio or similar IDE
Able to understand technical guidelines and write code to company standards
Change management and scheduling of changes to production systems in maintenance windows
Knowledge of standard web application structures, rich web technologies (e.g., Web 2.0, HTML, browsers, Flash, etc.)
Experience working with QA team to debug deliverables
Solid organizational skills
Attention to small details is a MUST
Desirable Security Skills: - (Any of these are a plus):
Prior experience with IBM AppScan or Ounce static code analysis tools
Prior experience with Imperva WAF appliances
Prior experience with Cisco ASA firewalls
Prior experience with Palo Alto NG Firewall management
Prior experience with McAfee IPS appliances
Prior experience with RSA SecureID infrastructure
Prior experience with AlertLogic Threat Manager management
Prior experience with AlertLogic Log Manager management
Prior experience with encryption key management
Prior experience with VPN configuration, management and security
Desirable Software Engineering Skills: - (Any of these are a plus):
Prior experience with database driven marketing programs
Basic HTML skills, ability to hand code websites with complex CSS
Basic AJAX knowledge
Industry: Online Advertising & Marketing Services
Discipline: SW Design/Dev
Experience: Less than 5 Years
Compensation: $125K+
Company: PRI Technology