OpenText Developer Class C - I

Location: Bellevue, WA
Date Posted: 04-02-2018
Job Description:
Additional Information
Job Description:
Automation/Application Security Engineer

Skills / Expertise:

-Working as a technical hands-on security leader alongside of application development teams, biz dev, DevOps and other delivery teams.
-Rock-solid automation engineer with deep technical and hands-on expertise to build an orchestration and automation platform with toolsets like Fortify, Burp suite, and similar kind of tools.
-Hands on expertise on Web Inspect Enterprise and automating the dynamic scanning where possible
-Strong development skills (Angular JS, Node JS, Shell Scripting, Python, more…)
-Must be highly motivated with strong communication skills and must be comfortable working in a fast-paced, dynamic team atmosphere
-Hands on expertise in Ansible, Puppet, Salt, CentOS, Git, Python, Elasticsearch, Logstash, JIRA, Rally, Graphite, AWS, OpenStack, Java, Node JS, Angular JS, Scripting

Responsibilities:

-You will be responsible to ensure that both internally developed applications and third-party vendor applications are implemented in a manner that assures the proper implementation of application security controls.
-You MUST stay ahead of the bad actors in helping us to secure our web and mobile applications.
-Performs static/dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
-Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
-Work closely with development/application teams early on in the design phase to ensure systems are built securely
-Provide subject matter expertise and mentorship on architecture, authentication and system security.
-Develops and implement manual and automated web application security testing of web applications to enforce security standards.
-Works with security product vendors and service providers to evaluate their security offerings.
-Must be familiar with the below Tool sets:
-Fortify SCA (Expertise: Advanced, must be able to automate the source code scanning through CI/CD stack)
-Fortify Web Inspect (Expertise: Advanced, must be able to automate where possible)
Nessus
Nmap
Veracode
Burp Suite
ZED attack proxy
SCAP
Threat Modeling (e.g. STRIDE)

-Must be very well versed with OWASP Top 10 vulnerabilities and must demonstrate to exploit such vulnerabilities in mobile, web and console applications.

Preferred Qualifications:

-S. or higher in Computer Sciences or related discipline 


Required Qualifications:
Are you passionate and want to work for an Application Security Team? You found your dream job!! We are crazy engineers approaching application security in an UnCarrier style. Of course, what else would you expect we are #Magenta. 
 
or
this job portal is powered by CATS