    software security engineer - Rockville, United States - Target Labs

    Description


    The Software Security Engineer (SSE) is responsible for supporting the promotion, design, and evaluation of software security in all phases of the application life cycle.

    The SSE shall ensure that appropriate and effective security techniques and solutions are identified, implemented, and used.

    Essential Job Functions:

    • Software Security Assessment: Evaluate applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques.
    • Software Security Control Development: Provide expert guidance to developers on the appropriate selection and implementation of relevant application security controls.
    • Security Infrastructure: Support various deployment and integration activities for security considerations associated with enterprise-wide infrastructure and services such as DLP, CMDB, ESB, Identity & Access Management, Network Segregation, Trusted Communications, ...
    • Security Awareness Training: Design, develop and deliver presentations focused on raising awareness for crucial security-relevant considerations and defensive programming techniques.

    Other Job Functions:


    Participate in research of information security technologies (in the areas of application and application infrastructure components) and propose ideas for new security service development.

    Participate in all aspects of security service development projects including the following project phases:

    business case development, requirements gathering, architecture development, product/service selection and procurement, functional & QA testing, detailed technical design, technology infrastructure implementation and deployment, migration from existing services, operational process and procedure documentation, operations staff training, and internal marketing of security services.

    Advise and consult internal clients on appropriate application of security practices and existing security services to solve problems or enable new business opportunities.

    Deliver previously developed information security services in support of corporate needs including:
    requirements gathering, technical design, service deployment and integration, migration, operational transition, end user documentation, user training.

    In support of various enterprise IT initiatives, recommend, customize, implement, document, and transition to operations reusable technical security service components including application level intrusion detection systems, authentication systems, authorization systems, audit trail management systems, cryptographic systems, and others as defined by management.

    Research and implement new security technologies to be used as point solutions for IT initiatives unable to take advantage of or needing greater functionality than reusable enterprise security services.

    Recommend new security service development ideas based on accumulated knowledge of project-specific security requirements.

    Identify and implement improvements to application security team processes and supporting software tools (Java and C#/ASP based) to continually improve the team's effectiveness and efficiency.

    Serve as subject matter expert on application and information security technologies and methodologies.
    Perform other duties and responsibilities as assigned.

    Essential Education/Experience Requirements:

    • Bachelor of Science in Computer Science, or equivalent education or experience. Emphasis in software security a plus.
    • At least three (1) year of professional experience, including:
    • Software development with emphasis on Internet-exposed, multi-tier, web-based systems using Java/J2EE and/or C#/ASP/.NET (experience with both a plus).
    • Hands-on experience evaluating the security of applications using both manual and automated techniques. Relevant tool experience should include code security scanners such as Fortify SCA, web vulnerability scanners such as HP WebInspect or IBM Rational AppScan, assessment support tools such as BurpSuite, Metasploit, Core Impact, etc.
    • Master's degree may be considered in lieu of experience.
    • Strong written and verbal communication skills. Specific relevant experience may include technical reports (especially application security assessment reports), technical whitepapers, presentation development and delivery (for both technical and business audiences), technical training, etc. Candidate should have experience making and defending sound technical arguments that incorporate relevant technical and business considerations, and building consensus among stakeholders.

    Other Desirable Experience:

    • Security-related experience with the following:
    • Providing software architecture security guidance, including developing application threat models and methodically protecting against business logic and design flaws that could introduce security vulnerabilities.
    • Web Application Firewalls such as Imperva SecureSphere.
    • Design patterns and coding standards for secure software.
    • Secure configuration and operation of Application Servers, Web Servers, Directory Servers, Media/Content Servers, Messaging Servers, Database Servers, and Integration Servers.
    • Application authentication & authorization systems such as RSA ClearTrust and Netegrity SiteMinder.
    • Knowledge of cryptographic tool kits for application development such as RSA BSAFE or others.
    • Knowledge of and experience with built-in and add-on security capabilities of common application infrastructure components such as MS SQL Server, Oracle, MS IIS, iPlanet Directory, MS Active Directory, MQSeries, MSMQ, MS Exchange.
    • Knowledge of general application security APIs and protocols such as: MS CryptoAPI, Kerberos, SSL/TLS, SAML, S/MIME, and PKCS APIs.
    • Knowledge of cryptographic solutions for protection of data in use, in transit and at rest, such as: Masking, SSL/TLS, IPSec, format preserving encryption & sanitization, etc.
    • Knowledge of security considerations related to virtualization and cloud computing.
    • Mobile Application Security on iOS and/or Android devices; includes experience in secure development of applications and/or analysis.
    • Financial services industry (Insurance, Banking, Investments) experience a plus.

  • Experis

    Security Engineer

    2 days ago


    Experis Rockville, United States

    Experis IT is partnered with a provider of 'ensuring the integrity of America's financial system' in their search for a · Security Engineer/Lead of AWS Web Application Firewalls (WAF) . · The main function of a · Security Engineer/Lead · is to plan, coordinate, and implement secu ...


  • RCG Moody International Limited c/- Intertek Rockville, United States

    TITLE: Security Engineer III · Duties: Assist in the development of all test reports and required certification documentation. Review of all test reports and required certification documentation. Review/comment submission-related output from other Engineers. Lead CAVP algorithm ...


  • AstraZeneca Gaithersburg, United States

    Are you ready to be part of the future of healthcare? Are you able to think big, be bold, and harness the power of digital and AI to tackle longstanding life sciences challenges? Then Evinova, a new health tech business part of the AstraZeneca Group might be for you · **Key Respo ...


  • Visionary Technology Consultants Rockville, United States

    Job Description: · We are seeking a highly skilled and experienced Cloud Security Engineer to join our dynamic team. As a Cloud Security Engineer, you will be responsible for designing, implementing, and managing AWS-based solutions with a focus ...

  • NovaWorks Solutions

    Security Engineer

    3 weeks ago


    NovaWorks Solutions Germantown, United States

    We want to make a difference - are you with us? We ensure that over 80 million people in Germany can benefit from digital healthcare. Join us in shaping the healthcare system of tomorrow. · Your work area · DEMIS is the digital platform for Germany and the healthcare sector, prov ...

  • BioSpace, Inc.

    IT Security Engineer

    3 weeks ago


    BioSpace, Inc. Rockville, United States

    Job Details · Description · Duties: Manage, configure, and administrate commercial firewall products. Setup, configure, and maintain Palo Alto perimeter defense appliances. Utilize Panorama with strategic development of policies, rules, NATS, and security profiles. Implement net ...


  • The U.S. Pharmacopeial Convention (USP) Rockville, United States

    IT Security Engineer (Multiple Openings) · Rockville, Maryland · Duties: · Manage, configure, and administrate commercial firewall products. Setup, configure, and maintain Palo Alto perimeter defense appliances. Utilize Panorama with ...

  • United States Pharmacopeia

    IT Security Engineer

    3 weeks ago


    United States Pharmacopeia Rockville, United States Full time

    Description · Duties: Manage, configure, and administrate commercial firewall products. Setup, configure, and maintain Palo Alto perimeter defense appliances. Utilize Panorama with strategic development of policies, rules, NATS, and security profiles. Implement network security p ...


  • Innovative Management & Technology Services Rockville, United States

    Company Overview: · Join a fast-growing company highly experienced in cyber security, cloud computing, virtualization, big data analytics, and project management IMTS offers competitive compensation, excellent benefits including tuition reimbursement and employer-contributed 401K ...


  • Innovative Management & Technology Services Rockville, United States

    Company Overview: · Join a fast-growing company highly experienced in cyber security, cloud computing, virtualization, big data analytics, and project management IMTS offers competitive compensation, excellent benefits including tuition reimbursement and employer-contributed 401 ...


  • ConsultNet San Francisco, United States Permanent

    Application Security Pen Tester (Security Engineer) · Long-Term Contract · Anywhere, US (100% Remote) · Job Description: · Summary: · Our client is seeking a strong Security Engineer with AppSec pentesting expertise specifically, must be hands-on · Should have IAST, SAST, DAST t ...

  • Crimson Enterprises

    IT Security Engineer

    4 weeks ago


    Crimson Enterprises Arden on the Severn, United States

    With more than 1,500 stores in 19 European countries, C&A is one of the leading fashion companies in Europe. C&A welcomes over two million visitors daily to its stores and offers high-quality fashion at affordable prices for the whole family. We embrace the digital transformation ...


  • Visionary Technology Consultants Rockville, United States

    Job Description: · We are seeking a highly skilled and motivated IT Security and Cloud Infrastructure Engineer to join our dynamic team. The ideal candidate will play a key role in supporting our Nessus vulnerability scanning and configuration co ...

  • Omm IT Solutions

    Security Engineer

    2 days ago


    Omm IT Solutions Washington, United States

    This is a 100% Onsite Role. · About the Position: · The Security Operations Engineer shall be responsible for implementing new firewall architectures, upgrades and features as necessary and assisting in the administration of all information security firewalls to include updates, ...


  • Innovative Management & Technology Services , LLC Rockville, United States

    Company Overview: · Join a fast-growing company highly experienced in cyber security, cloud computing, virtualization, big data analytics, and project management IMTS offers competitive compensation, excellent benefits including tuition reimbursement and employer-contributed 401K ...


  • Target Labs Rockville, United States

    The Application Security Engineer (ASE) is responsible for promoting, designing, and evaluating application security in all phases of the application life cycle. The ASE shall ensure that appropriate and effective security techniques and solutions are identified, implemented, and ...


  • Visionary Technology Consultants Rockville, United States

    Job Description: · We are seeking a highly skilled and experienced Cloud Security Engineer to join our dynamic team. As a Cloud Security Engineer, you will be responsible for designing, implementing, and managing AWS-based solutions with a fo ...


  • Intertek Rockville, United States

    Job Description · TITLE: Security Engineer III · Duties: Assist in the development of all test reports and required certification documentation. Review of all test reports and required certification documentation. Review/comment submission-related output from other Engineers. Le ...


  • Innovative Management & Technology Services Rockville, United States

    Job Description · Company Overview: · Join a fast-growing company highly experienced in cyber security, cloud computing, virtualization, big data analytics, and project management IMTS offers competitive compensation, excellent benefits including tuition reimbursem ...


  • Intertek Group Rockville, United States

    Job Description · TITLE: Security Engineer III · Duties: Assist in the development of all test reports and required certification documentation. Review of all test reports and required certification documentation. Review/comment submission-related output from other Engineers. Le ...