Wednesday, April 26, 2017

Security Software Engineer

Job title: Security Software Engineer

Location: Foster City CA 94404

Duration: 6 months with high possibility of extension, likely extension or conversion depending on performance.

JOB SCOPE
This candidate will join Global Information Security and will help drive the successful adoption of Secure Software Development Lifecycle practices across Visa’s product development teams and help build foundational application security capabilities. The primary focus of the candidate is to help performing source code review using static testing tools such as Fortify on Visa's critical and highly rated application and help drive the successful rollout of the dynamic security testing suite - AppScan Enterprise within Visa.

• Help implement a pre-defined Secure Software Development Lifecycle practices for all Visa technology projects throughout the planning and delivery cycles that assure that investments in IT generate business value and mitigate the risks associated with information security
• Ensure end-to-end security of Visa products by hands on testing, helping development teams, remediating risks upfront
• Improve secure coding practices, application security requirements, automation, training, and metrics.
• Help build secure products and standards around emerging technologies and fields lacking existing standards and security practices
• Work with security testers on proper AppScan scan configurations and setups including activities such as manual explore, multi-step operations etc to provide solid application test coverage.
• Trouble shoot common and complicated AppScan issues such as network connectivity, login, performance and looping issues.
• Triage the AppScan reports. Work with development organizations to review and fix vulnerabilities according to Visa’s Secure Coding Standards.
• Act as a liaison to IBM technical support, maintain the records of PMRs; patch and upgrade the AppSan Visa system in a timely fashion.
• Build strong cross-organizational relationships and effectively influencing staff across the IT organization and broader enterprise
• Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals.
• Collaborate with product and solution teams to achieve Global Information Security software security program objectives. .
• Develop and optimize processes to improve software development efficiency in the consumption of security development practices.
• Maintain active understanding of industry practices for secure software development and incident response.
• Represent Visa in the software security community globally.
QUALIFICATIONS
• Undergraduate degree in Computer Science, Electrical Engineering or a related technical discipline; advanced degree preferred.
• Hands on experience with one or more of the following programming languages: C#, Java, JavaScript, Objective C, C, C++ and Ruby; Experience in building ENTERPRISE web applications preferred
• MUST have deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
• Excellent understanding of web applications, web servers, layer 7application technologies, frameworks and protocols with respect to application development and deployment
• Well versed in web application design, penetration testing, application risk assessment and risk categorization
• Well versed (experience preferred) with driving and implementing secure development practices in to SDLC (SSDLC); ability to successfully integrate security into a developers world
• Success in implementing effective Secure SDLC frameworks across a large corporation.
• Hands on experience with SAST testing tools such as AppScan, Web Inspect and burpsuit.
• Understanding of Mobile application and platform security; deep understanding of platforms, SDK’s and interaction with application layer PREFERRED
• Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models. Deep knowledge of/experience with the following:
• Agile SDLC processes and PMO reengineering Enterprise and application architecture
• SAST, DAST and fuzz testing tools
• Highly effective communicator; well honed influencing and negotiating skills
• Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
• Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams
• Demonstrated leadership qualities, flexibility, adaptability to changes in roles and responsibility as required.
• 2 to 5 years in technology, information security, and/or application development.
• Excellent operational skills; quality and results oriented
• Strategic thinker; visionary; innovative
• Strong client service orientation
• Bi/multi-lingual a plus.
Must have skills        
3-5 years in development (Java or .Net), 2 years in security – overall 5+ years / Bachelors /
Nice to have skills      
SAST, DAST and fuzz testing tools / CISSP or other security certifications

Mohammed Nikhat
Sr. Technical Recruiter | 650-249-3768