Secure Development Lifecycle (SDL) Engineer
Durham, North Carolina, United States
We have an outstanding contract position for a Secure Development Lifecycle Engineer to join a leading company located in the area surrounding Durham, NC.

Job Responsibilities:
- Define, commit, and track secure development lifecycle activities across the entire product development organization.
- Continually work to improve application security through new and adjusted methodology and tooling.
- Coordinate with engineers, serve as a project lead, and/or be recognized as an expert in secure design, development, and delivery.
- Perform technical security assessments including threat modeling, attack surface analysis, security baseline analysis, security requirements/architectural review, code review, and final security reviews and recommendations.
- Identify and communicate project scope and ensure program milestones and objectives are met.
- Keep management informed of key issues and changes which may impact expected business results.
- Ensure that projects adhere to efficient processes and initiate process and tooling improvements as needed.
- Provide recommendations on remediation approaches that strike the right balance across business deliverables.
- Develop security satellites as leaders within individual product teams.
- Serve as a mentor for security satellites as well as junior engineers on the Product Security team.
- Assist with other tasks as needed, including maintenance of internal development tools for Product Security.

Basic Hiring Criteria:
- Experienced in most aspects of a Secure Development Lifecycle, including: code review, Software Composition Analysis, detecting and mitigating common weaknesses, static analysis, web app scanning, fuzzing, threat modeling, and architectural review.
- Penetration testing experience is desirable.
- Experience in storage (block/file/object), databases, or other distributed systems is highly desirable.
- Strong understanding of common networking protocols (e.g. TCP/IP, Ethernet, DNS, HTTP, TLS).
- Proven experience in working collaboratively and leading engineering teams in secure software development.
- Strong understanding of third-party and open source software integration and usage methodology.
- Minimum 2 years of software development experience in 2 or more of: C, C++, C# & Java. Must be well-versed in common security patterns and vulnerabilities in these languages.
- Development skills in one or more interpreted languages.
- Knowledgeable in common software patterns, data structures & algorithms, and development methodologies. Proven ability to quickly pick up new languages, frameworks, and codebases.

Education:
- A minimum of 4 years of experience is required. 5 to 7 years of experience is preferred.
- A Bachelor of Science Degree in Engineering or Computer Science, a Master's Degree, or a PhD; or equivalent experience is required.
- Demonstrated ability to have led and completed multiple complex projects.
- OSCP is highly desirable.