Senior Security Engineer

ID
2018-4543
Category
Technical/Engineering
Job Location
RO-Bucarest

Overview

The Senior Security Engineer is a member of Product Security Group (PSG) in the R&D Department, a global group that focuses on the delivery of secure products and services that serve numerous industries worldwide. The engineer performs technical activities that deliver effective application security services for product teams. This position will have primary responsibility for secure code development/review, secure product deployment (by default), secure use of cryptographic libraries, secure web applications, optimizing our use of industry leading security tools suites, and evangelizing the security development lifecycle (SDLC) at Axway.

 

This position will also have a role in performing vulnerability assessments, security penetration testing, and working with R&D development teams on remediation and mitigation of findings..    

 

The Security Engineer provides support to planning, designing and implementing security controls and tools which safeguard Axway products as applied through the Axway SDLC. The position also requires strong customer empathy, communication and negotiation skills with Axway engineers and the Axway management team.  

Responsibilities

  • Lead the product teams through the Axway SDLC
  • Guide secure coding practices and processes
  • Guide secure architecture and secure product designs
  • Lead secure web applications delivery via industry leading AppSec practices
  • Lead, perform, and guide PEN testing (Fuzzing across internal product teams)
  • Support customers, development teams, and PSG in technical analysis of tool outputs
  • Support the management, control and upgrade of selected SDLC tool suites

Qualifications

Helpful Skills to Support the Responsibilities: 

  • Technical leadership skills, coupled with strong communication skills
  • Cloud security, secure applications on public cloud such as AWS
  • Java, JVM, JCA/JCE experience, Crypto Library JDK’s
  • C/C++ coding or analysis experience
  • Fortify static analysis tool experience
  • Nmap, Nessus, or other attack surface tool experience
  • Vulnerability scanning and mitigation
  • Dynamic code analysis tool usage
  • Sockets, TLS, SSL, and VPN experience
  • Layer 3 thru 7 network security experience
  • Penetration Testing and Fuzzing (files, functions)
  • Authentication and Authorization mechanics and protocols
  • Understanding and experience in IH/IR
  • System configuration, deployment, and technical control of infrastructure
  • Ability to learn new products and technical concepts quickly
  • Successfully manage time and technical responsibilities, set accurate expectations and meet deliverable deadlines while working in a team environment

 

These essential functions are representative of those that must be met by an employee to successfully perform the job. Reasonable accommodations may be made to enable individuals with disabilities to perform these essential functions. Position may be required to perform other duties as required. Travel requirements may be up to 15% and include international travel destinations.

 

Qualifications:

  • Bachelor’s degree in Computer Science, Information Technology or related field. Master’s preferred.
  • A minimum of 7-10 years of product development experience; at least 5 of those years focused on product security.
  • Hands-on experience in many of the following areas: HTTP, XML, REST, C/C++, Java, Web Servers (Apache/IIS), Scripting languages (Javascript, Python, node.js, etc.), Threat Modeling, Penetration testing, Dynamic and Static analysis, Fuzzing, Vulnerability remediation techniques, Knowledge of the CVE, The OWASP top ten, the SANS top 25.
  • Experience using Microsoft Office suite tools to create documents, presentations, and detailed drawings.
  • Superior technical writing, documentation, and communication skills are required.

Other sought after skills:

  • Comfortable working on both Linux-based and MS Windows-based system platforms with a strong technical understanding and aptitude for analytical problem-solving.
  • Strong understanding of application level security issues.
  • Understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks
  • Understanding of the system hardening processes, tools, guidelines and benchmarks.
  • Strong understanding of encryption technologies, Java/Linux and Microsoft implementations

Career Development:

 

Employee career development is one of Axway’s major company values; and we are deeply committed to helping them leverage the promotion and job mobility opportunities that are right for them.

This is what our candidates can expect from us if they choose to join our team:

  • A personal development plan and training plan (technical, product & functional) in order to insure your integration and your performance
  • Competitive remuneration package and real benefits
  • Potential for growth in an international company
  • Friendly working environment with experienced professionals
  • Flexible working hours when need and work from home policy
  • Extra paid vacation days – 25 days/year
  • Open games area – table tennis, sports and more!

In addition, Axway’s global presence creates opportunities for geographical mobility both within Axway subsidiaries.

 

1griffon_blue_champion_namedFor internal use only!

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed

Connect With Us!

Not ready to apply? Connect with us for general consideration.