Kodiak Solutions · 2 days ago

Software Security Engineer

Boston, MA

Full-time

Hybrid

Senior Level

7+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

Business IntelligenceCompliance

Insider Connection @Kodiak Solutions

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Collaborate with development teams to identify potential security threats and vulnerabilities in software designs.

Conduct risk assessments to prioritize security efforts and allocate resources effectively.

Research relevant software security technologies for potential improvements / best practice application.

Promote secure coding practices within the development teams.

Work with product engineering to design and implement secure architecture patterns for cloud-based applications that are both resilient and secure.

Work with product engineering to ensure security testing, including static analysis, dynamic analysis, and penetration testing.

Validate security controls and configurations in Azure environments.

Mitigate security incidents promptly and effectively.

Ensure product compliance with industry standards and regulatory requirements.

Research relevant security news topics to maintain understanding of current security threats, methodologies and potential risks to the firm.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Software Security ArchitectureVulnerability AssessmentRisk AnalysisAzure GovernanceProgramming LanguagesScripting LanguagesConfiguration ManagementOrchestration ToolsCI/CD ToolsTesting ToolsCode Quality ToolsSecurity ToolsThreat IntelligenceInformation SecurityGraduate degreeRelevant certificationsWork after-hours

Required

Advanced understanding of software security architecture fundamentals (Infrastructure, Azure, AWS, Operating Systems, Virtualization, Networking Concepts, Commands and Scripting, Network Security, Operational Security, Threats, Host Security, Access Control, Cryptography, etc)

Technical knowledge of vulnerability assessment and exploitation, and practical experience with risk analysis and mitigation strategies

Expertise with Azure Governance and Compliance utilizing Azure Policies, Initiatives, and Blueprints

Expertise in programming languages such as Python, C#, or Java and scripting languages such as Bash or PowerShell

Expertise in configuration management tools such as Ansible, Chef, or Puppet, and orchestration tools such as Kubernetes, Docker, or Terraform

Expertise in CI/CD tools such as Jenkins, Azure DevOps, Github Actions, and Git for version control

Expertise in testing tools such as Selenium, JUnit, or PyTest, and code quality tools such as SonarQube, Qualys, and Invicti

Expertise in security tools and frameworks such as NIST, ISO, OWASP, SANS, or CIS

Maintain awareness of threat actors and attack trends, as well as those specific to the firm, to identify risks and provide recommendations to management in response to changing threat landscape

Bachelor's degree in Computer Science, MIS, Information Systems, or equivalent experience

7 years in Information Security role