Posted in Other 25 days ago.
Location: New York, New York
Location: REMOTE
Description: Our client is currently seeking a Information Security Analyst - III/ REMOTE (EST)
Description Looking for a Product Security Penetration Tester/Engineer to join our team.
This candidate will be responsible for ensuring the adoption of the product security framework within our product business unit in order to improve the security of products and solutions.
This individual will work with a cross-functional team to improve the design and development of our products, including but not limited to devices, software and cloud infrastructure.
The role will include overarching product security activities within the business portfolio of products; such as product security risk assessments, remediation planning, awareness/training, incident response, and strategic initiatives.
In addition, this individual will design and execute formal penetration testing of existing and future products in collaboration with our corporate product security engineering team.
JOB DUTIES: Perform formal penetration testing of products and solutions, including remediation planning and solution identification Perform Threat Modeling & Vulnerability Management process and tools for all developed products/services/solutions Research, document and discuss security findings with management and product management teams
Perform design and implementation security reviews for all products and ensure adoption of product security framework and policies
Provide feedback and verification of remediation for the identified vulnerabilities
Provide clear and concise reporting of vulnerabilities and defects with potential resolutions and recommendations.
Track and report adherence to product security requirements throughout software development lifecycle, pre- and post-commercialization
Propose and evaluate innovative new security features that could benefit our products
Develop technical solutions to address security weaknesses and collaborate with relevant stakeholders to effectively implement them in our products Assist with security incident response as needed May perform other duties as identified
MUST HAVE SKILLS:
Expertise in conducting application security assessments covering threat modeling, design reviews, project management and in-depth implementation audits.
A minimum of 2 to 5 years of industry experience in security and development Solid foundation in formal penetration testing, ethical hacking of embedded systems, web applications and complex networked system
Demonstrate knowledge of product security requirements and secure coding standards, e.g., NIST SP 800-53, ISO/IEC 27001, OWASP, SEI CERT, and MS Secure Coding Standards
DESIRED SKILLS:
Demonstrates thorough abilities and/or a proven record of success in the following areas:
- Engaging business and technology stakeholders at all levels to gather long term goals and requirements;
- Demonstrating hands-on engineering experience with enterprise security technology;
- Contributing to a central technology service organization;
- Navigating a matrix organization; and,
- Collaborating with multiple stakeholders across functional and technical skill sets.
EDUCATION/CERTIFICATIONS: Ideal candidate will have BS or MS in Computer Science, Information Security or equivalent experience, Offensive Security Certified Expert (OSCE) or an Offensive Security Certified Professional (OSCP)
|
H2M architects + engineers
|
|
H2M architects + engineers
|
|
KinderCare Education LLC
|
