Go Back

Sr. Fortify Security Engineer

New York, New York
06/06/18
0 Applications
Job Type:
Contract
Salary:
[n/a]
Start Date:
ASAP

Sr. Fortify Security Engineer

Location: New York City, NY

Duration: 6 month Contract

Client will pay for flights, hotel and meals for the full term of the contract. 

 

The Senior Application Security Engineer is responsible for promoting, designing, and evaluating application security in all phases of the application life cycle. The candidate shall ensure that appropriate and effective secure coding techniques and solutions are identified, implemented, and used.

 

Duties and Responsibilities:

  • Implement the principles and processes related to the SafeCode security framework
  • Providing software architecture security guidance, including developing application threat models and methodically protecting against business logic and design flaws that could introduce security vulnerabilities.
  • Provide secure coding recommendations in a variety of programming languages including Java/J2EE and/or C#/ASP/.NET
  • Support the planning and execution of the application security testing and evaluation program with possibility to mentor peer team members
  • Advise and consult internal clients on appropriate application of security practices and existing security services to solve problems or enable new business opportunities.
  • Explain software vulnerabilities to both technical and non-technical audiences
  • Administer the HPE Fortify product suite
  • Plan and integrate HPE Fortify Static Code Analyzer (SCA) into project team’s development environments
  • Working knowledge of the following tools and processes:
    • Fortify Manager
    • Fortify Audit Workbench - must be able to update security content, scan Java projects, scan complex projects, analyze scan results using the issues panel, set filters and filter sets, view suppressed, removed and hidden issues.
  • Provide advice and guidance on how to remediate security vulnerabilities in a variety of programming languages
  • Provide detailed security recommendations for the secure development of systems
  • Assist customer resources in secure development techniques using HPE Fortify and set up Key Performance Metrics and reports in HPE Fortify Software Security Center
  • Software Security Assessment: Evaluate applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques specifically for HP Fortify SSC. Write HP Fortify rules.
  • Application Security Control Development: Provide expert guidance to developers on the appropriate selection and implementation of relevant application security controls.
  • Security Awareness Training: Design, develop and deliver presentations focused on raising awareness for crucial security relevant considerations and defensive programming techniques.
  • Serve as subject matter expert on application and information security technologies and methodologies.
  • Create documentation related to specific security topics, as required

 

Qualifications and Experience:

Required -

  • Three or more years of C++ programming experience
  • Two (2) or more years in software engineering and development with emphasis on the delivery of secure, Internet-exposed, multi-tier, web-based systems using Java/J2EE and/or C#/ASP/.NET (experience with both a plus).
  • Hands-on experience evaluating the security of applications using both manual and automated techniques. Relevant tool experience should include code security scanners such as Fortify SSC, CheckMarx, VeraCode, IBM Rational AppScan.
  • Experience mentoring and leading small teams and demonstrated responsibility for managing security assessments for a portfolio of applications.
  • Strong written and verbal communication skills. Specific relevant experience may include technical reports (especially application security assessment reports), technical whitepapers, presentation development and delivery (for both technical and business audiences), technical training, etc.
  • Candidate should have experience making and defending sound technical arguments that incorporate relevant technical and business considerations, and building consensus among stakeholders.
  • Knowledge/hands-on experience in implementing DevSecOps (enabling security in DevOps).
  • Design patterns and coding standards for secure software.
  • Experience with one or more of the following: Microsoft Visual Studio, Eclipse, Web Sphere Application Developer

 

Certifications: Minimum of one of the following certifications: CSSLP, CISSP, CISM, CEH or similar cybersecurity certification. Preference will be given to CSSLP.







Shortlist Email this job




Featured Jobs


Cylon Technologies
Sr. Fortify Security Engineer
Sr. Fortify Security Engineer Location: New York City, NY Duration: 6 month Contract Client will pay ...

Cylon Technologies
Google Cloud Developer
Google Cloud Developer Location: Atlanta, GA.  Duration: 30 months Status: US Citizen ...

Cylon Technologies
Java / AWS/ Microservices Developer
Java / AWS/ Microservices Developer Location: Tampa, FL.  Duration: 30 months+Status: US Citizen ...

Cylon Technologies
QAD Developer
QAD Developer  Location: Southfield, MI.  Duration: 12 months+ Our client has an immediate ...

Cylon Technologies
Java Developer
Java Developer Location: Phoenix, AZ. Duration: 12 months +   Required Skills: Java Engineer REST APIs, Microservices Caching-REDIS (nice ...



Advertisements






Jobs from Indeed