Senior InfoSec Engineer

In this role, you’ll be responsible for working with Clearwater Analytics development teams to ensure security is injected into the software development lifecycle and products are secure. This role will focus on implementing, enforcing and validating secure coding practices, application security reviews, threat modeling, penetration testing and ownership over application security vulnerability management. The team you’ll be on is a talented and diverse group of engineers focused on providing highly secure products to our customers.

Responsibilities:

• Lead scoping and execution of webapp and API penetration testing
• Drive reporting on penetration testing proof of concepts and findings
• Lead application security reviews and threat modeling, including code review and dynamic testing.
• Implement application security tooling to support secure coding practices
• Ongoing facilitation of application security vulnerability management
• Advise and support development teams in the area of application security
• Ability to drive improvements to existing processes/tooling.
• Up to date on evolving threats and security vulnerabilities
• Ability to assess risk based on a given risk assessment framework
• Make recommendations for necessary changes to our security controls to address emerging security threats.
• Engaging with technical leadership on driving security and serves as a mentor and model for other engineers.
• Actively seeks out opportunities to improve key systems, does not need to be directed on a daily basis.
• Can help organize a group and coordinate projects or resolution of issues.
• Assists in definition, documentation, and evolution of best practices for application security program
• Goes above and beyond basic requirements to support their own team and others.
• Identifies key gaps in security and tooling functionality that will drive significant improvement in application security
• Has the ability to take an assignment, project or problem and define, lead and implement a solution to completion.

Requirements:  

• 7+ years experience working in Application Security.
• Working knowledge of the OWASP Top 10 and how to apply the standard to minimize security risk.
• Understanding of security best-practices and how to implement them at an enterprise level.
• Basic coding skills – SQL, Python, other scripting languages.
• Expert in common Information Security concepts, practices, and procedures
• Understanding of vulnerability analysis, penetration testing, encryption technologies, intrusion detection, incident response
• Strong written and oral communication skills and the ability to prioritize work
• Strong aptitude for problem solving, math, and communication
• Strong organizational and interpersonal skill

Desired Experience or Skills:

• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related area of study
• Experience with mobile, cloud or network penetration testing
• Experience in at least one programming language
• Proficiency with SQL, Python, and/or JAVA
• Industry certifications in cyber security incident management
• Application Development experience
• SANS GIAC, CEH, CompTIA Security+