|
|
|
|
Product Security Engineer - Virginia Beach Virginia
Company: NSS Location: Virginia Beach, Virginia
Posted On: 04/28/2024
We are working on a project that tackles the problem of managing large-scale IT networks. We are seeking talented and highly motivated engineers to join us in bringing this project to a larger audience. You would be responsible for helping to create, evolve, document, and implement security development and deployment practices for a product that's delivered both on-premises as well as to the cloud. Our product is a .NET Core application (with some TypeScript and Python components backed primarily by PostgreSQL, that serves both a web frontend and REST API. The application source is hosted in GitLab, and we use merge requests and GitLab CI to manage our code contribution workflows. Things we really need - Experience maintaining a secure software supply chain (monitoring for CVEs, creating SBOMs, etc.)
- Experience evaluating security best practices and applying them to processes and assets
- Experience reviewing code and architecture to identify potential security issues
- Experience writing internal documentation around security evaluations and decisions
- Experience with security monitoring infrastructure (log analysis, web application firewalls) Things we want too
- Familiarity with writing infrastructural code in support of security goals (abstractions, constraints, etc.)
- Familiarity with working with developers to help them learn and self-apply secure development principals
- Familiarity with government/industry security auditing processes
- Specific familiarity with web security concepts and best practices (TLS/HTTPS, common web vulnerabilities, federated authentication, etc.) Things that are extra cool
- Specific familiarity with government programs pertaining to secure application development (STIGs, APL, NIAP)
- Specific experience with the Microsoft web application development stack (C#, .NET, ASP.NET)
- Specific experience with AWS security tooling
- Experience with static application security analysis tools Our end of the bargain
|
|
|
|
|