Principal Security Software Engineer
We’re an energized bunch, who love to be at the forefront of innovation. We make it our mission to develop and stay ahead of the latest trends and technology. Our goal? To put customers at the core of what we do and to deliver solutions that drive transformation and unlock the potential of people and businesses.Requirements
- Experience with static code review tools (Veracode, Fortify, CheckMarx, Coverity, etc)
- Experience with software composition analysis tools (WhiteDource, BlackDuck, Veracode, etc)
- Experience with security testing tools (Burp suite, Appscan, WebInspector, SQLMAP, Kali, etc.)
- Experience with Application security threat modelling, abuse case analysis, risk assessments, design and architecture review.
- Experience with Software exploitation (penetration testing, reverse engineering).
- Experience with enterprise software and architecture.
- Experience with middleware and messaging.
- Experience with IDM, IAM and AAA (SAML, OpenID, Oauth).
- Experience with Web application security (REST, WSDL).
- Knowledge of Secure SDLC processes.
- Software development and/or QA background (knowledge of programming languages, SDK, API, SPI and application infrastructure/servers).
- Code security knowledge (AST/SCA tools).
- Working knowledge of networking protocols and cryptography.
- Working knowledge of database technologies including directory services, relational databases and no-SQL.
What will you contribute?
Finastra has a broad range of products which were developed in isolation over many years. The product security consultant will help ensure these products meet the exacting security requirements of the financial services industry. This will require a clear view of external requirements and threats, detailed analyses and decisions on products design, architecture and tools and approaches to be adopted, as well as close collaboration with the development teams to ensure security awareness is improved and that good security practices and approaches are adopted.
Responsibilities & Deliverables:
- Partner with our product engineering teams to address security issues and develop a process that embeds security in the SDLC.
- Work with the product engineering teams and providing SME advice to understand and remediate vulnerabilities in code
- Support the product engineering teams to identify false positives in code scanning reports and security testing reports
- Build, maintain and execute a strategy to secure Finastra’s customer facing products.
- Conduct and lead threat assessments and propose remedies.
- Partner with the business to understand our clients’ security needs and the marketplace security standards.
- Develop security requirements and stories.
- Lead conversations about security with prospective and current clients alongside the business and sales team.
- Develop security material (brochures, white-papers) for consumption by customers showcasing the security of Finastra products.