
Title:  Sr. Security Engineer


Research Triangle Park, US

Requisition ID:  1304

Job Summary

As a Senior Secure Development Lifecycle (SDL) Engineer, you will take an active role in a cross-functional team focused on planning and guiding the implementation of multiple product security assurance initiatives. You will plan, lead, and manage the application and compliance tracking of secure development lifecycle activities. This is a challenging position in a very fast-paced environment, with the opportunity to work collaboratively with like professionals in the Security, Engineering, Marketing, Operations, Legal, and Global Services functions, and to positively influence greater business outcomes.

Essential Functions/Responsibilities
The Senior Secure Development Lifecycle Engineer coordinates NetApp Technology Groups during the product lifecycle, ensuring security checkpoints are understood and completed. The role involves working with others who have varying levels of understanding of product security and how it impacts their functions. A successful candidate will be able to relate secure development to all levels of experience, from senior leaders to entry level. The job involves handling sensitive information and requires exceptional judgment to protect the company's and customers' interests.

Define, commit, and track secure development lifecycle activities across the entire product development organization.
Continually work to improve application security through new and adjusted methodology and tooling.
Provide a leadership role to the core program team of professionals from Engineering Management, Marketing, Operations, Finance and Global Services functions, to drive all pertinent issues related to our secure development lifecycle process.
Coordinate with engineers, serve as a project lead, and/or be recognized as an expert in secure design, development, and delivery.
Strong proficiency in technical security assessments including threat modeling and attack surface analysis, security baseline analysis, security requirements/architectural review and final security reviews and recommendations.
Work with the management team in planning and managing company resources to execute development projects or project components from design phase through implementation.
Identify and communicate project scope and ensure program milestones and objectives are met.
Keep management informed of key issues and changes which may impact expected business results.
Analyze problems and drive solutions involving multiple elements of program planning.
Ensure that projects adhere to the company processes and initiate process improvements as needed.

Familiar with product incident response practices.
Provide recommendations on remediation approaches that strike the right balance across business deliverables.
Develop security satellites as leaders within individual product teams.

Lead training efforts including development of content for broad consumption both live and on-demand.

Job Requirements

- Possess and demonstrate excellent written and verbal communication skills.
- Ability to work collaboratively within a team of other engineers and have strong influencing and leadership skills.

- Knowledge of multiple programming languages highly desirable.

- Ability to clearly articulate all touchpoints of a secure development lifecycle.
- Strong understanding of static analysis, dynamic analysis, fuzzing, OWASP Top 10, SANS/CWE Top 25 and vulnerability scanning.
- Storage background and understanding of network topologies highly desirable.
- Strong understanding of the network stack including ports and protocols.
- Proven experience in leading teams in software security test planning, automation, documentation and process improvement.
- Strong understanding of third-party and open source software integration and usage methodology.
- Understanding of security maturity models such as BSIMM or OpenSAMM preferred.

- Strong collaboration skills over application sharing platforms and video conferencing.

- Ability to travel 20% of the time.


Education & Experience:
- A minimum of 10 years of experience is required. 10 to 12 years of related experience is preferred.
- CISSP or comparable professional certification highly desirable
- A Bachelor of Science Degree in Engineering or Computer Science, a Master's Degree, or a PhD; or equivalent experience is required.
- Demonstrated ability to complete multiple complex projects.

Equal Opportunity Employer Minorities/Women/Vets/Disabled.

Job Segment: Product Development, Computer Science, Testing, Compliance, Research, Technology, Legal
