To apply for this position, please send your qualified resume and contact information to Aaron Brown at Apex Systems:
Responsibilities:
Help implement Secure Software Development Lifecycle (SSDLC) practices and use automation where possible.
Work closely with the product development engineers to perform security design and code review by suggesting flow improvements, anti-tamper protection when needed for security modules, and help with integration of vulnerability assessment tools.
Provide security guidance to Engineering and Product teams on overall product architecture and its ecosystem.
Build Threat Models, conduct Risk Assessments for new features or services and provide guidance on effective countermeasures.
Contribute to security architecture and assist in building and rolling out processes for secure code development and deployment involving truly cutting edge technology.
Provide subject matter expertise on Encryption, Security Controls, and Secure Design and programming practices across the Technology organization.
Contribute to Security Policy, Standards, and Guidelines related to Information Security.
Evaluate and operationalize new technologies for securing the organization.
Train and mentor Security Champions throughout the development.
Share thought leadership in the product and application security space.
Create security User Stories and security Test Cases for products that are tailored to the product attributes and technology.
Support and advise product owner and product development teams by ensuring technical and architectural feasibility, readiness and compliance.
Required skills:
7+ years of relevant software development experience.
Minimum 5 years of demonstrable experience with performing security requirements analyses to secure the deployment of large globally distributed cloud-based platforms, building threat models, doing design reviews and documenting relevant mitigation techniques, implementing security best practices, applying security design patterns, implementing common security algorithms and protocols.
Solid grasp of Cryptographic Algorithms (PKI), authentication protocols, and transport layer security, OID, OAuth, SAML.
Hands-on experience with software development projects using iOS/Android platforms.
Experience with Obfuscation techniques, Reverse Engineering and Tamper Resistant software development.
Familiar with Embedded Linux, System-On-a-Chip (SoC) infrastructure (tools, libraries, and open source development), secure software best practices for embedded systems.
Good understanding of Cloud Services, like Amazon Web Services including VPC, IAM, KMS - Security groups, SCPs, ELB, Guard Duty and S3 storage.
Experience with Management Services such as CloudWatch, Lambda and AWS Config and vulnerability scanning tools.
Programming skills in C/C, Java, Scala, Python or other languages and the ability to solve complex operational issues.
In-depth understanding of Secure Software Development Life Cycle in a continuous integration and deployment environment.
An excellent communication, organizational, and experience translating business goals into technical security deliverables
Understanding of various types of Exploits, Threat Modeling, and Attack surfaces.
Bachelor's degree in Computer Science or equivalent engineering experience.
Desired skills:
Knowledge and hands on skills with Docker, ECS, Kubernetes infrastructure security in a Hybrid environment and Container Networking concepts.
Experience with Web application infrastructure as well as UNIX-based operating systems, with a focus on security aspects of application and operating system platforms.
Experience with Third party ecosystem tools for compliance and security such as Auto-Remediation/ Compliance (Cloud Custodian), PRISMA, Dome 9, TrendMicro, and Container Security Tools.
Familiar with Network Security and host based IDS/IPS.
Experience with performing Security Testing and Penetration Testing techniques.
Experience with Content Security technologies like DRM/Conditional Access is ideal.
Understanding of Trusted Execution Environment and Secure Boot Process.
Experience with IT Security Frameworks such as NIST, ISO27001, PCI, DSS, FedRAMP.
One of more of the following certifications:, AWS Certified Solutions Architect - professional, AWS Certified Security - Specialty, CSA Certificate of Cloud Security Knowledge (CCSK), ISC2 Certified Cloud Security Professional (CCSP), CISSP.
Education:
Bachelor's degree in Computer Science or equivalent engineering experience (as a minimum).
Master's degree in Computer Science or equivalent engineering experience (preferred).
To apply for this position, please send your qualified resume and contact information to Aaron Brown at Apex Systems:
EEO Employer
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or
