Job Description
Software Security Engineer (Vulnerability, Auditing) - Perm - San Francisco , CA - $120,000-$150,000
The end client is unable to sponsor or transfer visas for this position; all parties authorized to work in the US without sponsorship are encouraged to apply.
Seeking a Software Security Engineer (Vulnerability, Auditing) in San Francisco , CA.
Role Description
- Identify software security design and architectural risks, and develop mitigation plans
- Perform security assessments on native, managed, and interpreted software using static and dynamic analysis techniques, white-box, and black-box testing methods
- Develop and maintain security analysis tools in Python, C/C++, JavaScript, Go, and/or Rust
- Participate in Incident Response and problem remediation
- Mentor software engineers on how to abate security vulnerabilities and threats in applications
- Design, develop and deliver security training talks and courses for software engineers
- Perform web, mobile, and desktop application penetration testing
- Provide system administrative support for enterprise infosec services(SentinelOne, Cisco Umbrella, etc)
- Participate in company level security compliance efforts
- Administer the company's bug bounty program and work with the engineering team for remediation
- Develop proof-of-concepts, triage security bugs, and notify the appropriate engineering teams
- Evangelize security within the company and be an advocate for customer trust and privacy protection
- Work with the Security Advocates from the various Engineering teams to promote security within the organization
- Work as a technical liaison to security vendors
- Other duties as assigned
Skills & Requirements
- BS in Computer Science or equivalent preferred
- Experience implementing security solutions at various company sizes and system complexity
- Professional development experience using at least one major programming language such as C, C++, Java, C#, and/or Python
- Excellent written and verbal communication skills
- At least 3 years of experience in application-level vulnerability testing and auditing
- At least 2 years of experience working with development teams that have delivered software-based services, preferably in an agile environment
- Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, SSH, TLS, routing protocols)
- Knowledge of system security vulnerabilities and remediation techniques
- Experience with encryption technologies and authentication processes including but not limited to OAuth, SSL/TLS, WPA2, JWE, and BLE encryption
- Experience with security testing tools such as Burp Suite, OWASP, Zap or related
Why Hays?
You will be working with a professional recruiter who has intimate knowledge of the Information Technology industry and market trends . Your Hays recruiter will lead you through a thorough screening process in order to understand your skills, experience, needs, and drivers. You will also get support on resume writing, interview tips, and career planning, so when there's a position you really want, you're fully prepared to get it.
Nervous about an upcoming interview? Unsure how to write a new resume?
Visit the Hays Career Advice section to learn top tips to help you stand out from the crowd when job hunting.
Hays is an Equal Opportunity Employer.
Drug testing may be required; please contact a recruiter for more information.
Company Description
It's a biopharmaceutical powerhouse focusing on developing and commercialising oncology and autoimmune drugs, They have successfully developed drug candidates targeting pathways with blockbuster potentials, encompassing top three oncology targets and five out of the ten bestselling drugs globally.