Sr. Security Development Engineer

Senior Security Development Engineer
Location: Miami, FL (Dadeland Area)
Type: 1 Year Contract
Compensation: $75-100 per hour

SherlockTalent is looking for a Senior Security Development Engineer (Security Engineer + Software Engineer) that will be a part of the Cybersecurity Team focused on general application and infrastructure security, DevSecOps principles, code quality, vulnerability management, penetration testing, and security operations. This is a Senior Level position and must be able to lead, influence, solve challenges, and push engineering knowledge.

Responsibilities

• Integrate and maintain a continuous static and dynamic analysis process into the product development life cycle.
• Integrate and maintain a continuous penetration testing solution that is tuned to the specific needs of the product.
• Assess current attack vectors and how they might be exploited in our code base and infrastructure.
• Collaborate with product delivery teams to produce business value and functionality.
• Collaborate with product delivery team to help design secure application/system architecture and deployment best practices in on-premises and Cloud-based services.
• Partner with Core Computing and Security teams to review and assess production traffic and its impact.
• Write functional tests that prove that attack vectors are not successful.
• Review code for possible flaws and develop intrusion detection algorithms on-network and in-application.
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
• Create comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.
• Configure and troubleshoot security infrastructure devices.
• Prepare and document standard operating procedures and protocols.
• Implement and monitor security measures for the protection of computer systems, networks, and information.

Requirements

• Bachelor’s degree in IT (equivalent work experience will be considered)
• Minimum of 4-8 years of experience in secure code development, Offensive Security Certified Professional (OSCP), Global Information Assurance Certification (GIAC), and/or Certified Information Systems Security Professional (CISSP), and/or Offensive Security Certified Expert (OSCE)
• Knowledge with C#, .Net, and Python software
• Detailed technical knowledge of database and operating system security with a minimum of four years working with Windows and Linux technologies.
• Knowledge with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols.
• Thorough understanding of the latest security principles, techniques, and protocols.
• Knowledge of Public Cloud security principles and best practices.
• Static application security testing (SAST) tools such as Checkmarx
• Dynamic application security testing (DAST) tools such as AppScan
• Continuous integration and continuous delivery (CI/CD) tools such as Bamboo, Jenkins, Azure DevOps, Octopus Deploy, etc.