Senior Security Engineer, AVP
Who we are looking for :
The Senior Security Engineer is a significant technical contributor to the effort of maintaining and enhancing the software security program at Charles River Development.
The security program encompasses vulnerability identification and tracking, assessment and scoring (via CVSS), vulnerability remediation management, software design review, code review and threat modeling.
The role requires comprehensive knowledge of security attack vectors from the operating system through the application layer and persistent layer and related defensive controls for preventing, detecting, and mitigating attacks in both on premise and public cloud scenarios.
The Senior Security Engineer will work with the Principal Security Architect to establish security policies, procedures, and best practices.
In addition, this role will work very closely with various teams and stakeholders to execute the security policies, procedures and best practices.
Work under minimal supervision to secure Systems Development Life Cycle (SDLC).
Know the industrial security best practices. Identify key security controls that could apply to secure Charles River products.
Conducting threat modeling exercises for a defined scope.
Establish or recommend design and implementation patterns for the development team to use.
Assist in design of security features such as authentication and authorization, data protection.
Perform security code reviews and identify implementations that will lead to security vulnerabilities.
Work with subject matter experts to develop vulnerability remediation action plans and drive implementation.
Employ common security testing tools to verify common security vulnerabilities and effective fixes.
Triage vulnerability findings through industry standard threat scoring practices (CVSS).
Participate in security incident investigations and remediation actions.
Deliver security awareness training. Provide security training to the development organization on a periodic basis.
Keep apprised of new offensive threats and the defensive technologies to defeat or mitigate attacks. Monitor the software industry for vulnerabilities that could affect Charles River products.
A minimum of 5+ years of progressively responsible experience as software engineer, with at least 3+ years of focus on secure Systems Development Life Cycle (SDLC) is required.
Demonstrated knowledge of common vulnerabilities and corresponding remediation approaches.
B.S. degree (or foreign education equivalent) in Computer Science, Engineering, Mathematics, and Physics or other technical course of study required.
MS degree strongly preferred.
Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
Current knowledge of web related technologies and attack vectors.
Knowledge of data modeling and data security is preferred.
Strong written and verbal communication skills.
Strong analytical and problem-solving skills.
CISSP or CEH certifications is preferred.
What We Offer :
Multisport card / cinema tickets / money transfer
Why this role is important to us :
The team you will be joining is a part of Charles River Development (or CRD), that became a part of State Street in 2018.
CRD helps create enterprise investment management software solutions for large institutions in the areas of institutional investment, wealth management and hedge funds.
Together we have created first open front-to-back platform - State Street Alpha, that was launched in 2019.
Join us if delivering next generation infrastructure, using emerging technologies like AI and Blockchain sounds like a challenge you are up for.