The Software Security Engineer performs dynamic and static application testing and ensures all Software Security mechanisms built into the application function correctly. The Engineer is also responsible for performing secure code reviews on a manual and/or automated basis.

Responsibilities:
- Performs software security application testing at a unit, functional, and system-wide level
- Performs manual and/or automated secure code reviews
- Performs manual and/or automated dynamic application assessments
- Performs end-to-end mobile application assessments
- Assists the Security Event Center with incident response issues and vulnerability training
- Participates as needed in documenting software security standards, guidelines, policies and procedures
- Acts as Software Security resource on assigned projects
- Creates reusable software security artifacts
- Translates assessment results into business requirements and communicates those to business partners and risk owners
- Researches and understands new methodologies for exploiting web-based applications
- Performs other duties as assigned

Required Skills:
- 1-3 years of experience in delivering commercial-grade software or services (SaaS, cloud computing, mobile applications or infrastructure) in a development, QA testing or security role
- 1-3 years of application security experience, including threat modeling, threat assessments, risk identification techniques, penetration testing and automated or manual code reviews
- Experience with Web Services and SOAP protocols, both in client and server, as well as dynamic languages such as REST, Python, Ruby, Groovy and Scala
- Detailed technical knowledge in security engineering, system and network security, authentication and security protocols, applied cryptography, security exploit development, security vulnerabilities and remediation techniques
- Detailed knowledge of network and Web-related protocols (TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Recent development experience with one or more modern programming languages (Java, Objective-C, C#)
- Working knowledge of OWASP Top 10 security risks and remediation approaches
- Experience with interpreting policies and appropriately applying them to projects
- Experience writing technology-specific best practices

# of Years Required: 1-3 years

Preferred Skills:
- Desired certifications: CISSP, CSSLP, CISM, GIAC

Required Education:
- 4-year college degree in Computer Engineering, Computer Science, Software Engineering, Information Assurance or a related field
Jersey City, NJ