Randstad Sr. Software Security Engineer in Atlanta, Georgia

Sr. Software Security Engineer

job details:

  • location:Atlanta, GA

  • date posted:Tuesday, March 13, 2018

  • job type:Permanent

  • industry:Information Technology

  • reference:607709

job description

Senior Software Security Engineer

Location: Atlanta, GA, US

Senior Software Security Engineer


Software Security Engineers contribute to the secure development of software applications to help protect our clients', our employees', sensitive data and business systems from both internal and external threats. As an individual contributor within Secure Design & Engineering team, you will play an active role in defining requirements evaluating tools and metrics, and contributing to the secure development of software that runs our business. We're looking for sharp, motivated team players to help us strengthen our security posture to keep the bad guys out. To do that, we'll want you to bring to the table most of the following:

  • 4 - 6 years of experience developing and/or testing software solutions with an emphasis on secure design and implementation tactics.

  • Experience with cryptography and open source software components

  • Proven experience following or implementing a systems development lifecycle (agile, waterfall, DevOps, etc.)

  • Development experience with C# and VB (.NET) on Windows and Java on Linux operating systems as well as popular databases (i.e. SQL, Oracle)

  • Experience with SAST tools (e.g. Checkmarx, Coverity, Fortify, Veracode, WhiteHat Security)

  • Experience with DAST, IAST, RASP and WAF tools

  • Experience automating manual tasks using languages such as Perl, Powershell, Python, PL/SQL, or through SOAP or RESTful APIs

  • Familiarity with CVE, CWE, and CVSS identification systems

  • Experience defining secure development standards

  • Experience in threat modeling and architectural risk analysis

  • Possess a thoughtful understanding of modern cyber security threats and relevant tactics for implementing measures to combat those threats

  • Experience performing application assessments or limited penetration testing on business systems or platforms

  • Ability to mentor junior cyber security teammates, enabling their growth as professionals

  • Strong written and verbal communication (including presentation) skills to effectively convey or influence ideas

  • Ability to provide thought leadership on multiple cyber security domains or concepts

Works with software development teams to assure compliance with standards and best practices for secure software development. Helps developers interpret test results and utilize appropriate coding mitigation/remediation. Contributes to the creation of secure development standards and associated training modules for developers. Defines requirements and leads evaluation of new software test tools. Collaborates with development process (SDLC, Agile, etc) teams to assure cohesive integration of security practices. Applies an understanding of key business processes and practical experience to solve a range of straightforward problems innovatively. Analyzes possible solutions using experience, judgment and precedents. Works under moderate supervision.


Basic Requirements:

  • Bachelor's degree in and 5 years of experience in systems engineering or administration or an equivalent combination of education and work experience.

  • In-depth knowledge in information systems and ability to identify, apply, and implement best practices.

  • Understanding of key business processes and competitive strategies related to the IT function.

  • Ability to plan and manage projects.

  • Ability to solve complex problems by applying best practices.

  • Ability to provide direction and mentor less experienced teammates.

  • Ability to interpret and convey complex, difficult, or sensitive information.

Preferred Requirements: Bachelor's degree in computer science or management information systems and 4+ years of experience. Banking or financial services experience. Relevant cyber security certifications, such as CSSLP, CEH, GIAC-GWEB, CISSP, SANS, OCSP, and others are a plus, but not required.