Security Engineer - IV
$135,200 - $156,000/Yr
The Judge Group - Boston, MA
posted 18 days ago
Full-time - Mid Level
Remote - Boston, MA
Administrative and Support Services
About the position
The Security Engineer - IV role focuses on ensuring security by design in product engineering and architecture for both consumer and business products. The position involves conducting security assessments, implementing security controls, and collaborating with product development teams to manage multiple projects that align with internal business unit security requirements. The role also includes providing guidance on security practices and leading initiatives to deliver timely security solutions that support business objectives.
Responsibilities
- Help implement Secure Software Development Lifecycle (SSDLC) practices and use automation where possible
- Work with the product teams to perform security design/code reviews and vulnerability assessments
- Provide security guidance to Engineering and Product teams
- Build threat models and participate in risk assessments for new features and services
- Create application threat models and provide guidance on effective countermeasures
- Contribute to security architecture and assist in building and rolling out processes for secure code development and deployment
- Provide subject matter expertise on encryption, security controls, and secure design and programming practices
- Contribute to security policy, standards, and guidelines related to Information Security
- Evaluate and operationalize new technologies for securing the organization
- Help create product security inventory and product security lifecycle to align with standards
- Train and mentor new hire and Jr Product Security Architects
- Train and mentor Security Champions throughout the development
- Share thought leadership in the product and application security space
- Create security user stories and security test cases for products that are tailored to the product attributes and technology
- Support and advise product owner and product development teams by ensuring technical and architectural feasibility, readiness and compliance
Requirements
- Bachelor's degree in a relevant field (Computer Science, Software Engineering, Security, or others) OR an equivalent combination of education, training, and experience
- Experience with performing security requirements analysis to secure the deployment of large globally distributed platforms
- Experience building threat models, conducting design reviews, and documenting relevant mitigation techniques
- Experience implementing security best practices and applying application security design patterns
- Experience with at least 3 technical disciplines, including Cloud Security, Penetration Testing, Application Security, Mobile Security, Secure Development methodologies, Software Development and Coding
Nice-to-haves
- Good understanding of mobile application security
- Experience with hands-on application penetration testing
- Experience securing cloud services, like AWS, Azure, or GCP
- Understanding of Docker, Kubernetes, and CI/CD pipeline
- Hands-on experience with security testing like SAST, DAST, and Pen testing
- Understanding of OWASP Top 10, CIS Top 20
- Understanding of authentication protocols like OID, OAuth2.0, SAML
- Knowledge of application security vulnerabilities, secure coding, and countermeasures
- Written and verbal skills for communicating security concepts and solutions
- Ability to prioritize between and execute on multiple work streams
- Experience with application programming and the overall software development life cycle
- Excellent organizational and interpersonal skills
- One or more of the following certifications: CISSP, CISM, SANS, CCSK, CCSP, Ethical Hacker cert.
Benefits
- Competitive hourly salary
- Remote work flexibility
- Opportunity to work on cutting-edge technology
- Professional development and training opportunities
