AT&T Senior Security Engineer (Government) in Washington, District Of Columbia
AT&T’s Government Customer is looking for a resource to provide software security engineering assurance and support by reviewing the design of new and existing systems and conducting code reviews. Security reviews will result in detailed recommendations for architecture changes and recommended configurations, as well as software vulnerability remediation advice. Advises system owners, software development teams, administrators, project managers and other stakeholders on best practices for designing secure systems and software assurance. Participates in design reviews and project meetings, and provides input to the change control process. Prior job titles in resume may include: Software Quality Engineer, Software Security Assurance Engineer, or Code Review Specialist.
Key tasks include:
Reviewing security architectures, firewall configurations, IDS/IPS, and security controls for new and proposed systems
Architect, design, implement, support, and evaluate security-focused tools and services including project leadership roles
Providing software vulnerability remediation advice to software developers and software development teams.
Implementing static security testing tools within Continuous Integration systems
Experience creating secure online applications during one or more phases of the SDLC including requirements, design, development, and pre and post deployment testing.
Experience developing APIs
Test and evaluate products in a lab environment
Provide input into the development of security policies and procedures
Provide detailed security recommendations for the secure development of systems
Create, test and optimize Web Application Firewall (WAF) profiles
Evaluate and recommend new and emerging security products and technologies
Provide security operations support as needed
Participate in projects that develop new intellectual property
Evangelize security within the organization and be an advocate for customer trust
Bachelor’s or equivalent and 8-10 years of professional IT experience
Excellent written and verbal communication skills
Excellent leadership skills and teamwork skills
Results oriented, high energy, self-motivated
At least 3 years of hands-on experience with virtualization, system, network and/or application security
Knowledge of firewalls, IDS/IPS, intrusion detection, VLANs, routing and other network security technologies
Knowledge of virtualization technologies including virtual firewalls, networking and segmentation
Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols)
Commonly used tools would generally include one or more of the following:
Static code review tools such as: Fortify, AppScan, Veracode, Coverity, Parasoft, WhiteHat Sentinel Source, Checkmarx, Trustwave, Qualys, PortSwigger, NT OBJECTives, N-Stalker, Acunetix, Virtual Forge, Trend Micro, Quotium, Appthority, Contrast Security, Pradeo, Klocwork, GrammaTech, Armorize Technologies
Experience using or integrating with Jenkins, Bamboo, Jira, Bugzilla, Visual Studio, Eclipse, IntelliJ, Maven
Knowledge of OWASP Top 10, CWE/SANS Top 25, MISRA, CERT Secure Coding Initiative, SAMATE, FDA Software Validation, Ellemtel, or NIST Software Security
Required Clearance: Ability to obtain Public Trust Clearance if required. Government fingerprint and background check required.
US Citizenship or Permanent Resident Status.
AT&T is an Affirmative Action/Equal Opportunity Employer and we are committed to hiring a diverse and talented workforce. EOE/AA/M/F/D/V