Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Jobs InfoSec Jobs

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Senior Security Engineer, Application Security
Company Interos
Location Arlington, VA or Remote
Preferred GIAC Certifications GWEB, GWAPT, GCIA, GCIH
Travel 5%
Salary Not provided
Contact Name Bryan Scarbrough
Contact Email bscarbrough/at/
Expires 2021-10-21

Job Description

Senior Security Engineer, Application Security, who will be responsible for designing, building, and delivering significant components of Interos' threat hunting strategy and overall security posture. You will work on a cross-functional team with knowledge of security processes and procedures, best practices, perform in-depth and advanced analysis in the pursuit to prove or disprove malicious activity. Knowledge and experience with information security controls, infrastructure, implementation techniques, familiarity with adversarial techniques, and application and infrastructure assessment are critical components for this role. You will demonstrate organizational and cross-functional communication skills to drive investigations into threats throughout the organization.

Essential Functions/Duties:
- Responsible for developing secure coding guidelines and best practice documentation for custom developed applications as well as ensuring the guidelines are followed.
- Conduct assessments using COTS and other tools to ensure coding practices are followed and effective as well as identify risks.
- Produce and update secure coding guidelines and related documentation
- Collaborate with development teams to ensure secure coding best practices are followed
- Collaborate with development teams to support remediation of software vulnerabilities
- Provide coding guidance to ensure best practices are continually followed and issues addressed.
- Conduct assessments of custom applications and related code to identify risks
- Perform general security policy development/maintenance and audit compliance support

Minimum Qualifications:
- Bachelor (undergraduate) degree in a relevant field (Computer Science, Software Engineer, Security, or others) OR an equivalent combination of education, training, and experience
- 6+ years of hands-on experience in information security
- 5 years of direct experience supporting secure coding practices
- Demonstrated understanding of web application and database security
- Knowledge of software/application hardening OR input validation testing OR SQL injection testing a PLUS!
- Strong technical background in software security design/implementation and data protection
- Strong communication, interpersonal, consulting style skills to interface with staff, developers, and customers
- Knowledge of all domains within information security, especially defensive strategies, MSSP's
- 3+ years experience with more than one IDS/IPS, EDR, SIEM, and manual log analysis techniques
- 4+ years experience in Shell scripting or automation of tasks using Python
- Experience in application development using languages like Go, C/C++, or C# and source code review for control flow and security flaws
- Thorough understanding of network protocols, data on the wire, and covert channels
- Mastery of Unix/Linux/Mac/Windows operating systems, including Bash and Powershell
- Experience in scripting and configuration of SIEM tools
- Knowledge of web application logs and system event logs (Windows & *Nix)
- Ability to navigate and work effectively across a complex, geographically dispersed organization
- Demonstrated ability to self-direct, with minimal supervision to achieve assigned goals
- Eligibility to obtain a security clearance is preferred

Preferred Qualifications:

Forensics background
- Certifications in one or more of the following:
- SANS GIAC Certification(s)
- Other cybersecurity offense / defense certifications