Staff Software Engineer, Application Security
OPENTEXT - THE INFORMATION COMPANY
As the Information Company, our mission at OpenText is to create software solutions and deliver services that redefine the future of digital. Be part of a winning team that leads the way in Enterprise Information Management.
The Security Engineering Analyst will be responsible for analyzing the security of developed applications, recommending changes to those applications where needed, and acting as an application security subject matter expert, working closely with all product teams to support and help them to design and develop secure applications.
You are great at:
- Perform application layer security vulnerability assessments and penetration tests;
- Investigate reported vulnerabilities, provide information about defect types, steps to recreate, exploitation likelihood, impact, risk, etc.;
- Provide feedback to development teams about the security of their applications;
- Work with defect tracking / issue management / source code repository tools and solutions;
- Work with and maintain automated static and dynamic application security testing tools;
- Analyze application security related defects for root causes, and make recommendations for mitigation;
- Participate in threat modeling exercises, paper based security assessments, audits, application security architecture reviews;
- Perform routine threat and vulnerability management duties, vulnerability research, and internal dissemination and tracking;
- Stay up-to-date with application security related news, trends, tools, and testing techniques;
- Train, mentor and support development and quality assurance teams to help them be successful in their security testing activities;
- Assist in tracking the security maturity of all products and solutions pertaining to and in support of Secure Software Development Life Cycles;
- Produce clear, concise and unambiguous reports and technical whitepapers, and perform peer reviews and offer constructive criticism of other team members' outputs;
- Set up and manage application security testing environments, including mobile platforms, and create solutions (e.g. software, procedures, scripts, methodologies) to help locate security related software defects;
- Actively champion and participate in the perpetual improvement of the organization’s Product Security Assurance Program.
What it takes:
Desired Technical Proficiency / Knowledge:
- Application security vulnerability assessment and penetration testing tools and methods, (e.g. HP Fortify, IBM Security AppScan, Burp Suite Pro, Acunetix, HP WebInspect, W3AF, BeEF, sqlmap, ZAP, OWASP, SANS, etc.);
- Security aspects of web-based/mobile applications, web services / RESTful APIs, web servers, databases, and hosting environments;
- Industry standard best practice application security controls, requirements, features, and specifications;
- Application security issues, weaknesses, vulnerabilities, and threats, risks, and impacts of exploitation;
Desired Functional Proficiency / Knowledge:
- A natural curiosity to learn how things work, and more importantly, how they can be made to work outside of their intended purposes, (i.e. the ethical hacker mentality);
- Background/understanding of a secure software development life cycle;
- Strong analytical, troubleshooting, writing, communication, and consultancy skills;
- Possess a commitment to quality and a thorough approach to work;
- The ability to work in a team and as an individual;
- The ability to manage multiple tasks simultaneously in a very fast paced working environment.
Desired Education / Certifications:
- B.E./B.Tech/Bachelor of Computer Science or similar;
- Hands-on application security penetration testing related certifications, (e.g. GWAPT, OSWE, OSCP, GPEN, CPTE, CEH, GWEB, GCIH, etc.);
- General information security related certifications, (e.g. CISSP, CISM, GSEC, CCSP, etc.).
- 6+ years of relevant experience;
- Highly developed professional and technical skills are needed to perform this job;
- Previous experience in software application development is also an asset.
At OpenText we understand and value diversity in our employees and are proud to be an Equal Opportunity Employer.