12 days old
2018-07-11 2018-08-08

Lead Security Test Engineer

Westford, MA 01886
  • Job Code: 632208
  • Payrate: $110,000 To $140,000
job summary:

What you will do:

The Principal Product Security Engineer (Engineer IV) / Lead Product Security Test Engineer is an experienced engineer with demonstrated experience in penetration and product security testing.

The primary responsibility of the Lead Product Security Test Engineer is to lead all areas of product security testing, including penetration testing, vulnerability assessment, and security feature validation within a line of business. This includes building, maintaining, and continually improving the internal product security labs, communicating findings to multiple, diverse development teams, managing external test partners and bug bounty programs, and assisting in product incident response.

How you will do it:

The Product Security Test Engineer shall perform security testing including penetration testing, vulnerability assessment, and security feature validation within a line of business.

It is the responsibility of the Lead Product Security Test Engineer to maintain the equipment, applications, and tools of the security lab to ensure the lab is capable of supporting all products within the line of business. This will include making recommendations for the purchase and/or development of equipment, tools, and applications. He/She shall also ensure the lab capabilities, standards, procedures, and documentation are kept in accordance with quality expectations.

It is expected that a Product Security Test Engineer assist in building cybersecurity knowledge within their line of business. To achieve this expectation, the Product Security Test Engineer shall support efforts to comply with training requirements and recommendations. They may also be required to facilitate group study sessions and lead other training/thought leadership efforts within Company.

When directed by the LoB Security Architect, the Product Security Test Engineer shall assist in the identification of affected products, perform vulnerability triage, assist in the assignment of severity, and assessment of mitigation efforts and report these to the LoB Security Architect and Security Advocates.

It is essential for the Product Security Test Engineer to be a subject matter expert in product cybersecurity, security testing methodologies and techniques, and the products they support. For this reason, it is expected that the Product Security Test Engineer shall maintain a regular cadence of technical security study as well as attend all required training for Security Champions and available product training for his/her supported products.

What we look for:

Required Skills/Experience

  • Five or more years of hands-on penetration testing required
  • Excellent up-to-date technical and hands-on knowledge, experience in current attack methods, penetration testing methods, and hacking tools; especially for web applications, required.

Preferred Skills/Experience

  • Certifications (GPEN, GWAPT, GXPN, OSCP, and/or OSCE) are a plus, but not required. We offer support for training and testing, and certification is expected to be achieved while in the role.
  • Strong leadership and communication skills, and the ability to discuss technical topics with individuals and groups with a wide range of technical backgrounds
  • Good financial and general business acumen
  • Goal-oriented with a strong drive for success

Product Security Engineer

What you will do:

The Product Security Engineer/Security Advocate is an experienced engineer with demonstrated experience in cybersecurity controls and secure software development practices. Within Security Products they will serve as the "Cyber Protection Security Champion" for the suite of products in his/her portfolio.

The primary responsibility of the Product Security Engineer is to support, represent, and lead all areas of product cybersecurity including governance, risk, and compliance for a given set of products within a line of business. They may at times be called to act as subject matter experts in both product cybersecurity and the products within their portfolio by product development teams, customer support, sales, and elsewhere within the organization. While accountability for GPS policy compliance remains with the senior-most leader within the line of business, a Security Advocate is responsible for leading activities to ensure compliance for the products within their portfolio, as well as other activities required by the Security Architect for the LoB and needed to perform their primary responsibilities.

Security Advocates will report directly to the Security Architect for their line of business.

How you will do it:

Security Advocates may represent the Application Security Manager in launching and governing policy and standard compliance for their product portfolio. This includes activities for compliance to the Design for Security, Security Council, and Security Champions policy and program elements.

Security Advocates shall track and present performance and compliance metrics for their product portfolio including compliance with the Secure Software Development Policy, Design for Security, and other requirements.

As they arise, the Security Advocate will immediately provide notification on areas of product cybersecurity program risks to the LoB Security Advocate including, but not limited to:

  • Senior LoB leader concerns
  • Risks to program implementation deadlines
  • Lack of or gaps in required deliverable completion
  • Notification of any new Critical or High vulnerabilities
  • Contact by a non-contracted individual or organization indicating a vulnerability in any product

Security Advocates shall ensure all required documentation for their product portfolio (Design for Security workbooks, threat models, penetration test SOW/results, etc.) is archived according to policies and standards.

What we look for:

Required Skills/Experience

  • Bachelor's in computer science, engineering, or related field
  • Three years professional experience in support of product development

Preferred Skills/Experience

  • Knowledge of cybersecurity technology, methods, terminology and trends; speak the language
  • Experience with SAST, vulnerability management, open source security issues, threat modeling, and/or working with third party penetration testers preferred
  • Additional technical expertise relevant to the product portfolio supported (e.g. Windows, Linux, C#, .NET, etc.)
  • Good communication skills
  • Goal-oriented with a strong drive for success
 
location: Westford, Massachusetts
job type: Permanent
salary: $110,000 - 140,000 per year
work hours: 9 to 5
education: Bachelors
 
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

Randstad Technologies