Principal Security Engineer - Phoenix or Santa Clara Location
There could be 100 billion connected devices by 2025, leading towards a trillion-sensor ecosystem. 1 billion digital natives are expected to join the workforce over the next 7 years. In a hyper-connected era of mobile, cloud, big data, and the Internet of Things, future business models will depend on the security and availability of more data flowing through more systems and being accessed and used by more people.
Axway is a catalyst for transformation and a global leader in data flow governance. With Axway AMPLIFY™, our cloud-enabled data integration and engagement platform, leading brands better anticipate, adapt and scale to meet ever-changing customer expectations. From idea to execution, we help make the future possible for more than 11,000 organizations in 100 countries
Axway Security teams are critical to delivering secure applications and cloud services, protecting data for global customers in government, banking & financial services, healthcare, manufacturing and other security-conscious industries.
The Principal Security Engineer is a key member of Product Security Group (PSG), a global R&D team focused on delivery of secure applications and cloud services. This position has primary responsibilities for secure code development, secure-by-default product deployment, securing cloud applications and evangelizing the secure development lifecycle (SDLC) throughout Axway’s global R&D organization.
This position has a role in performing vulnerability assessments, red team security penetration testing, and working with R&D development teams on solutions to security remediation and mitigation.
The position also requires strong customer empathy, communication and negotiation skills with customers and internal stakeholders.
Lead product teams through the Axway Secure Development Lifecycle (SDLC)
Guide secure coding practices and processes
Guide secure architecture and secure product designs
Lead secure web applications delivery via industry leading AppSec practices
Lead, perform, and guide PEN testing (Fuzzing across internal product teams)
Support customers, development teams, and peers in technical analysis of tool outputs
Support the management, control and upgrade of selected SDLC tool suites
Assist Axway in incident handling and incident response for products and platforms
Bachelor’s degree in Computer Science, Information Technology or related field.
Knowledge of the CVE, the OWASP top ten, the SANS top 25 and vulnerability remediation techniques.
Threat modeling, penetration testing, fuzzing techniques
Excellent technical writing, documentation, and communication skills are required.
Helpful Skills to Support the Responsibilities:
Technical leadership skills, coupled with strong communication skills
Cloud security, secure applications on public cloud such as AWS
Encryption and Crypto Libraries such as JCE, OpenSSL, Bouncy Castle etc.
Fortify static analysis tool experience
Nmap, Nessus, or other attack surface tool experience
Vulnerability scanning and mitigation
Dynamic code analysis tool usage
Authentication and Authorization mechanics and protocols (OAuth, SAML)
Ability to learn new products and technical concepts quickly
Experience in DevOps, DevSecOps, security automation, and continuous integration (CI/CD)
Successfully manage time and technical responsibilities, set accurate expectations and meet deliverable deadlines while working in a team environment
Possess or obtain within 18 months from date of hire, an information security certification such as a CISSP, CSSLP or technical SANS certificates with Axway sponsorship.
Position may be required to perform other duties as required. Travel requirements may be up to 15% and include international travel destinations.
Axway is a AA and EEO Employer