Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Jobs InfoSec Jobs

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This listing has expired and therefore is not publicly viewable.

Security Automation Engineer
Company Bloomberg
Location NYC (remote during covid)
Preferred GIAC Certifications GWEB, GPYC
Travel 10%
Salary Not provided
URL https://careers.bloomberg.com/job/detail/81438
Contact Name MShrewsbury
Contact Email mshrewsbury/at/sans.org
Expires 2020-10-24

Job Description

Security Automation Engineer
New York, NY
Posted Feb 20, 2020 - Requisition No. 81438

Our Team:
The Product Security team is dedicated to making our products and technologies as secure as possible. We report into the CISO, but work closely with engineering teams, product teams, and others across the organization to integrate security into the product lifecycle from design through deployment. Our colleagues depend on us to be application, network, and host security pros. We specialize in defining security requirements, performing application security assessments, and providing developers with remediation advice. On any given day we're performing security reviews on internal and third party applications, while evaluating processes, network design, and access controls.
What's the Role?
As a Security Automation Engineer, you will utilize a combination of third party and custom developed tools to identify security vulnerabilities and drive remediation.
We'll Trust You To:
Develop and customize security tools used by security teams and developers.
Work closely with development teams to build security directly into their SDLCs.
Provide remediation guidance to programmers and management.
Perform manual reviews of applications using static analysis tools.
Perform dynamic testing of applications using more traditional pen testing tools.
You'll Need to Have:
Experience with writing code in a language such as Python, C/C++, Go.
Experience with static analysis tools such as Checkmarx or Fortify.
Familiarity with common vulnerabilities and attack vectors.
The ability to communicate complicated technical issues and risks to programmers, network engineers and managers.
We'd Love to See:
Experience integrating security tools into developer pipelines.
Experience as a highly technical information security consultant.
DevOps experience managing deployment and configuration.
Experience writing custom rules for static analysis tools.
If this sounds like you:
Apply if you think we're a good match. We'll get in touch to let you know what the next steps are.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.