|Location||Arlington, VA or Remote|
|Preferred GIAC Certifications||GWEB, GWAPT, GCIA, GCIH|
|Contact Name||Bryan Scarbrough|
Senior Security Engineer, Application Security, who will be responsible for designing, building, and delivering significant components of Interos' threat hunting strategy and overall security posture. You will work on a cross-functional team with knowledge of security processes and procedures, best practices, perform in-depth and advanced analysis in the pursuit to prove or disprove malicious activity. Knowledge and experience with information security controls, infrastructure, implementation techniques, familiarity with adversarial techniques, and application and infrastructure assessment are critical components for this role. You will demonstrate organizational and cross-functional communication skills to drive investigations into threats throughout the organization.
- Responsible for developing secure coding guidelines and best practice documentation for custom developed applications as well as ensuring the guidelines are followed.
- Conduct assessments using COTS and other tools to ensure coding practices are followed and effective as well as identify risks.
- Produce and update secure coding guidelines and related documentation
- Collaborate with development teams to ensure secure coding best practices are followed
- Collaborate with development teams to support remediation of software vulnerabilities
- Provide coding guidance to ensure best practices are continually followed and issues addressed.
- Conduct assessments of custom applications and related code to identify risks
- Perform general security policy development/maintenance and audit compliance support
- Bachelor (undergraduate) degree in a relevant field (Computer Science, Software Engineer, Security, or others) OR an equivalent combination of education, training, and experience
- 6+ years of hands-on experience in information security
- 5 years of direct experience supporting secure coding practices
- Demonstrated understanding of web application and database security
- Knowledge of software/application hardening OR input validation testing OR SQL injection testing a PLUS!
- Strong technical background in software security design/implementation and data protection
- Strong communication, interpersonal, consulting style skills to interface with staff, developers, and customers
- Knowledge of all domains within information security, especially defensive strategies, MSSP's
- 3+ years experience with more than one IDS/IPS, EDR, SIEM, and manual log analysis techniques
- 4+ years experience in Shell scripting or automation of tasks using Python
- Experience in application development using languages like Go, C/C++, or C# and source code review for control flow and security flaws
- Thorough understanding of network protocols, data on the wire, and covert channels
- Mastery of Unix/Linux/Mac/Windows operating systems, including Bash and Powershell
- Experience in scripting and configuration of SIEM tools
- Knowledge of web application logs and system event logs (Windows & *Nix)
- Ability to navigate and work effectively across a complex, geographically dispersed organization
- Demonstrated ability to self-direct, with minimal supervision to achieve assigned goals
- Eligibility to obtain a security clearance is preferred
- Certifications in one or more of the following:
- SANS GIAC Certification(s)
- Other cybersecurity offense / defense certifications