Listing Description
Job Description:
As a Senior Software Security and Compliance Engineer, you will play a critical role in ensuring the security and compliance of our software products. You will work closely with cross-functional teams, including software development, IT operations, and compliance, to identify and mitigate security risks and maintain regulatory compliance. This role offers an exciting opportunity to contribute to the security posture of our organization and help safeguard our clients' sensitive data.
Key Responsibilities:
Security Testing: Conduct security and vulnerability assessments on software applications and systems to identify weaknesses.
Incident Response: Collaborate with the incident response team to investigate and respond to security incidents, breaches, and vulnerabilities, including working with software development teams to prioritize remediation strategies.
Security Code Reviews: Review code for security flaws and provide guidance to development teams on secure coding practices.
Compliance Management: Assist in developing and maintaining security policies, standards, and procedures to ensure compliance with industry regulations (e.g., GDPR, HIPAA, ISO 27001) and client-specific requirements.
Security Training: Conduct security awareness training for developers, educating them on best practices for software security.
Security Audits: Assist with internal and external security audits and assessments, ensuring compliance with regulatory standards.
Security Tool Evaluation: Evaluate and recommend security tools and solutions to enhance the security posture of the product.
Threat Intelligence: Stay up to date with the latest security threats, vulnerabilities, and industry trends to proactively identify potential risks.
Documentation: Maintain comprehensive documentation of security processes, findings, and remediation efforts.
Qualifications:
Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree preferred).
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certifications preferred.
Strong understanding of software security principles, secure coding practices, and vulnerability assessment techniques.
Proficiency in programming languages (e.g., Java, C++, Python) and experience with application security testing tools (e.g., OWASP ZAP, Burp Suite).
Proven track record of systematic remediation of security and compliance gaps in software systems.
Knowledge of regulatory frameworks and standards (e.g., NIST, PCI DSS, SOC 2).
Experience with security assessment methodologies and tools.
Excellent communication skills and the ability to collaborate effectively with cross-functional teams.
Strong analytical and problem-solving skills.
Listing Details
- Salary: $200,000 - $250,000
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Hybrid Telecommute