Applications Security Engineer

2021-03-31T21:28:16.537

Key information

Software
Research, design and development
Engineer & Manager
3151 e imperial hwy ca 92821 brea, California, UNITED STATES
Permanent contract, full-time
No degree
More than 8 years
2021-88433

Job description

Job Summary:
The Application Security Engineer II will assist in planning and defining security controls for Company products and services by identifying/prioritizing vulnerabilities in our embedded operating systems, applications, drivers, databases, and related infrastructure components (on-prem, in cloud, hybrid networking). This position will also provide resolution guidance to the software development team, review code for adherence to security practices, conduct application security tests, monitor security events and audit trails, and respond to incidents. The Application Security Engineer II will also be responsible for educating and mentoring development teams on secure coding and application security best practices. They will work cross functionally with engineering architecture, software development and SecDevOps teams.

Duties and Responsibilities:
 Identify risks and areas of exposure in products, applications & services developed and/or utilized by the Company
 Perform security reviews of source code, stored procedures, and server/service configurations
 Define and document application security requirements for products, applications & services developed and/or utilized by the Company
 Oversee development of security components throughout all stages of the SDLC
 Perform manual and automated security testing of products, applications & services developed and/or utilized by the Company
 Monitor application logs and audit trails
 Monitor industry trends, threat landscape and recommend necessary controls or countermeasures
 Educate developers on secure coding techniques and security best practices
 Participate in development of security architectures, policies, standards, and processes
 Participate in the Product Security Incident Response Team (PSIRT), handling and performing application-related forensics activities
 Perform proactive research to detect new attack vectors
 Develop threat models based on data flows to identify threat scenarios and determine risk acceptability
 Balance security risk and product advancement within the parameters of the business
 Perform other job-related duties as assigned

Additional description

#LI-6SH1

Your profile

Preferred Qualifications and/or Education:
 Bachelor's degree in Information Security, Information Systems, Application Development, Computer Science, Computer Engineering, or other related fields; or 5 years of relevant experience
 3-6 years of hands-on application development experience
 2+ years of hands-on application security experience
 1+ years of experience with real-time operating systems including embedded Linux, Timesys or other RTOS
 Professional security certification such as CISSP, CEH, GIAC highly desired
 Intermediate proficiency with C/C++ or Java. Experience with lower-level languages (Assembly) and with debug and reverse-engineering tools (IDA Pro, JTAG, disassemblers, etc.) is a plus
 Intermediate knowledge of common application vulnerabilities (e.g., XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay)
 Intermediate knowledge of SCA/SAST/DAST methodologies, including vulnerability/penetration assessment tools (e.g., Nmap, Nessus, Kali) and web application testing tools (e.g., Burp, Paros, Fiddler, Havij, netcat)
 Knowledge of encryption technologies, secure communications, and secure credentials management
 Knowledge of networking (TCP/IP, VLAN, segmentation) and web (HTTPS/API/REST/JSON) methodologies
 Experience and familiarity with widely accepted vulnerability frameworks and guidance (e.g., CVSS, OWASP, NIST)
 Demonstrated experience scripting with languages like Python, PowerShell, bash, etc. to create and automate security controls
 Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as PCI-DSS, ISO 27001/27013, NIST 800-53, RTCA DO-326A / 356A, and/or EUROCAE ED-202A
 Ability to identify security vulnerabilities from source code reviews and testing
 Experience in writing software security requirements, functional and integration testing, writing test cases and test procedures
 Ability to write proof-of-concept exploits is a big plus
 Ability to think like an attacker and use that context to develop threat models
 Experience with cloud, host, network, and application security
 A knack for finding flaws in software and the ability to efficiently communicate how to fix them
 Ability to effectively communicate and educate others on the need and value-add of security efforts

Hiring entity

Safran Passenger Solutions

Safran is an international high-technology group operating in the aviation (propulsion, equipment and interiors), space and defense markets. Its mission: to contribute sustainably to a safer world, where air transport is ever more environmentally friendly, comfortable and accessible. Present on every continent, the Group employs 79,000 people, had revenue of 16.5 billion euros in 2020, and holds, alone or in partnership, world or European leadership positions in its markets. Safran undertakes research and development programs that uphold the environmental priorities of its technology innovation roadmap.

Safran was ranked the world's best employer of 2020 in its sector by Forbes magazine.

Safran Passenger Solutions focuses on improving the passenger experience by supplying in-flight entertainment systems, cabin and equipment air-conditioning systems, water and waste management systems, lighting, and advanced systems for commercial and business aircraft.
