Security Development Engineer
In this role you will represent the security policies, practices and tooling of the global security team to the development team, while working with them to solve the business problems that they are assigned. You will be working with key stakeholders like product owners, business owners and enterprise security leadership. The primary goal is to work on ensuring that the software developed by the team across different product families and infrastructure have all identified issues resolved either with code fixes and/or configuration changes as appropriate. You will provide the security expertise to the team as the team develops and deploys applications on the internal private cloud and public clouds like AWS and Azure.
As an engineer on this team, you will participate in in-depth reviews of the architecture, design, implementation and maintenance of the business applications. You will be involved in cross-functional efforts for the purpose of maintaining and elevating the security of those applications. Ultimately you will be a critical component in delivering the DevSecOps model to the development teams. The Security Development Engineer is a technical and innovative individual responsible for creating software that enables, enhances, and propels the important work of providing security services to protect EWS Data assets and increase the resiliency of the services we provide to our customers.
*Works with key stakeholders including enterprise security leadership to track open issues and follow up to resolution
- Ensures scan and pen test results are analyzed in a timely manner and captured in the bug tracking system to enable review and prioritization
-Categorizes issues per the pre-defined process and works with key stakeholders like product management, R&D and business owners to ensure resolution
-Works with key stakeholders like Dev Ops, Infrastructure et al to build security hardened tech stacks are used for development and production
-Responsible for leading, assisting resolution of identified security issues, when appropriate resolving the issues via code changes, configuration changes etc.
-Designs, develops, and implements software solutions guided by organizational standards and processes, but not constrained by them, to promote automation and efficiencies in support of the security program's goals and objectives.
-Collaborates with developers, analysts, engineers, and managers to identify and implement software solutions that meet security policies and practices.
-Brings existing security tool stack to bear on development problems
-Identifies security requirements and related controls that may be more easily or quickly satisfied or implemented through software-enabled mechanisms and processes.
-Consults with team members to increase awareness and understanding of benefits, implications, and limitations of existing or proposed software-based solutions.
-Actively collaborate with other security team members, product teams, and other stakeholders to help create and maintain software-based security controls in line with industry best practices and specific business requirements.
-Updates applicable knowledge by maintaining awareness and understanding emerging, technologies, strategies, approaches by participating in conferences, attending seminars, reading professional publications, etc.
-Coordinates security advisement for the development team and aids in remediation of any concerns.
-Provides security Subject matter expertise for the team, representing corporate security teams to the development teams and representing development team issues to the corporate security team.