Portland Metro Area,
Post Date: 05/22/2018
Job ID: JN -052018-6212
Industry: SW Developer - Automation
Evo is seeking a Senior Security Engineer for our Beaverton Client at their Hillsboro location. As a Senior Security Engineer, your role on the team will be focused on the automation and integration of security vulnerability assessment systems to drive accountability & visibility of high risk findings. Sources of data will be from network vulnerability, dynamic web application, static code analysis and mobile application security tool suites. You will work with technical and business teams to understand customer use cases for remediation of the vulnerabilities and provide solutions to create self-service visibility into security findings for mitigation. You will also drive to improve application security practices, interact with development teams and focus on improving overall application quality. This contract opportunity is scheduled through 12/14/18, with an extension based on fit, need and budget.
SKILLS and REQUIREMENTS:
- Developing automation script/tools to scale out the vulnerability management team's work across the organization
- Subject Matter Expert for deployment & management of various security vulnerability assessment tools.
- Develop custom platform integrations, data correlation and processing strategies to reduce false positives and align data against client remediation policies
- Educate Engineers, developers and Product teams on the importance of Application Security, along with the services ability to assist them to be successful
- Assisting developer community to effectively utilize the tools and remediate findings identified
- Assist with maintaining pipeline integration of security tools into various development SDLCs
- Continually evaluate the current Application Security Program; work with the team to grow the program and develop future roadmap
- Communicate complex technical issues simply to different audiences
- Ability to quickly learn new Information Security concepts and adapt to a fast-paced, ever changing organization
- Working cross functionally with multiple teams on establishing new processes and improving existing security across the platform
Applicants must be fully authorized to work in the U.S. and physically be in the U.S.
- BS or MS degree preferred in computer science, information assurance
- Software development background and strong knowledge of software development lifecycles
- Experience in Application Security, Applied Cryptographic Protocols and administering web-based applications and servers
- Experience with security toolsets such as network vulnerability scanners (Nessus, Nexpose, Qualys), Dynamic Web application Scanners (WebInspect, AppSpider, Whitehat, Veracode), Static Code Analysis (Fortify, Veracode) and component lifecycle management tools (Sonotype, Blackduck)
- Ability to develop and communicate recommendations to management
- Ability to translate technical security vulnerabilities into business risk
- Strong problem-solving and conceptual thinking abilities
- Strong ability to reverse engineer tools, exploits and open source applications and ability to develop them
- Experience looking for application security vulnerabilities such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.
- In-depth familiarity with Windows and Unix Operating Systems
CORP-to-CORP requests will NOT be entertained.
Relocation assistance will not be available for this position.
Evo is an equal opportunity employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, disability, veteran status, sexual orientation, gender identity, or any other protected factor.