• Principal Security Engineer

    Job ID
    2018-4682
    Category
    Technical/Engineering
    Job Location
    US-CA-Santa Clara
  • Overview

    Principal Security Engineer - Phoenix or Santa Clara Location

     

    There could be 100 billion connected devices by 2025, leading towards a trillion-sensor ecosystem. 1 billion digital natives are expected to join the workforce over the next 7 years. In a hyper-connected era of mobile, cloud, big data, and the Internet of Things, future business models will depend on the security and availability of more data flowing through more systems and being accessed and used by more people.

     

    Axway is a catalyst for transformation and a global leader in data flow governance. With Axway AMPLIFY™, our cloud-enabled data integration and engagement platform, leading brands better anticipate, adapt and scale to meet ever-changing customer expectations. From idea to execution, we help make the future possible for more than 11,000 organizations in 100 countries

     

    Axway Security teams are critical to delivering secure applications and cloud services, protecting data for global customers in government, banking & financial services, healthcare, manufacturing and other security-conscious industries.  

     

    The Principal Security Engineer is a key member of Product Security Group (PSG), a global R&D team focused on delivery of secure applications and cloud services. This position has primary responsibilities for secure code development, secure-by-default product deployment, securing cloud applications and evangelizing the secure development lifecycle (SDLC) throughout Axway’s global R&D organization.

     

    This position has a role in performing vulnerability assessments, red team security penetration testing, and working with R&D development teams on solutions to security remediation and mitigation.

     

    The position also requires strong customer empathy, communication and negotiation skills with customers and internal stakeholders.

    Responsibilities

    Lead product teams through the Axway Secure Development Lifecycle (SDLC)
    Guide secure coding practices and processes
    Guide secure architecture and secure product designs
    Lead secure web applications delivery via industry leading AppSec practices
    Lead, perform, and guide PEN testing (Fuzzing across internal product teams)
    Support customers, development teams, and peers in technical analysis of tool outputs
    Support the management, control and upgrade of selected SDLC tool suites
    Assist Axway in incident handling and incident response for products and platforms

    Qualifications

    Bachelor’s degree in Computer Science, Information Technology or related field.
    Minimum of 5 years focused on product security and application development in one or more of the areas: HTTP, XML, REST, C/C++, Java, Web Servers (Apache/IIS), and Scripting languages (Javascript, Python, node.js, etc) .
    Knowledge of the CVE, the OWASP top ten, the SANS top 25 and vulnerability remediation techniques.
    Threat modeling, penetration testing, fuzzing techniques
    TLS/SSL experience 
    Excellent technical writing, documentation, and communication skills are required.  
    Helpful Skills to Support the Responsibilities:

    Technical leadership skills, coupled with strong communication skills  
    Cloud security, secure applications on public cloud such as AWS
    Encryption and Crypto Libraries such as JCE, OpenSSL, Bouncy Castle etc.
    Fortify static analysis tool experience
    Nmap, Nessus, or other attack surface tool experience
    Vulnerability scanning and mitigation
    Dynamic code analysis tool usage
    Authentication and Authorization mechanics and protocols (OAuth, SAML)  
    Ability to learn new products and technical concepts quickly
    Experience in DevOps, DevSecOps, security automation, and continuous integration (CI/CD)
    Successfully manage time and technical responsibilities, set accurate expectations and meet deliverable deadlines while working in a team environment
    Possess or obtain within 18 months from date of hire, an information security certification such as a CISSP, CSSLP or technical SANS certificates with Axway sponsorship.
     

    Position may be required to perform other duties as required. Travel requirements may be up to 15% and include international travel destinations.

    Axway is a AA and EEO Employer

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!

    Not ready to apply? Connect with us for general consideration.