Senior Software Security Engineer in San Jose, CA at OSI Engineering
Santa Clara, CA 95051
About the Job
Selection of vendors and tools for vulnerability management, including Application and Software security testing.
Work with development teams to educate and establish process for integration of software testing and integration of the tools with the build and QA process.
Work with device, SW and cloud product managers to establish SW and application security requirements.
Perform threat analysis for vulnerability of related products, design, prioritize, perform and manage execution and time line for remediation.
Assist or perform security vendor/ partner selection and propose way forward
Must Have Skillsets:
Minimum 3-5 years in information security or related roles, responsible for identifying and mitigating security risks
Threat modeling, creating web application security requirements and identifying web application vulnerabilities (minimum OWASP up to ASVS), experience with SAST and pen testing tools, and their integration with SW development (agile is plus) process and tools.
Ability to do software security code reviews and experience with the remediation process for SW.
Operating system security (Linux and preferably RTOS) and embedded system software security.
Experience with tools and process related to security event monitoring, such as IDS, alert systems, etc.
Good communications (verbal and written) skills and patience to educate developers, product management to drive security agenda.
Good understanding of use of cryptography (hashes, ciphers), authentication and key management mechanisms, such as OATUH and REST API security, security protocols: TLS.
Hands on experience with tools such as openssl
Basic understanding of AWS/cloud security concepts, databases (MySQL).
Experience with implementation of security protocols such as OAUTH, BLE/Thread or other wireless stacks, PKI.