Java Security Engineer


Posted: 11/02/2018
Employment Type: Contract
Industry: Security Engineer
Job Number: 51467

The Security Engineer's responsibilities will include analyzing, reviewing, and developing secure applications, contributing to secure architecture designs, and recommending security measures and best practices to support a robust platform. Additionally, this security professional will assist with identifying, prioritizing, and evaluating opportunities to increase the efficiency and effectiveness of secure practices across the business unit's operations and products/services through automation and the use of emerging technologies and innovation techniques.

• Serve as SME on application security and collaborate with software development teams to provide technical guidance to implement appropriate security solutions, mechanisms and/or controls that address business requirements.
• Successfully lead the design, development, and implementation of a critical and complex part of Application Security Tools and Services.
• Work with product teams and product owners to understand and formulate security requirements for large internet-facing, enterprise software applications.
• Act as a liaison between software engineers and the Information System Security Office (ISSO).
• Conduct and coordinate vulnerability assessments and code reviews of software applications under development.
• Consult with team members on secure coding practices.
• Monitor the marketplace for application security related tools, conduct tool analysis and provide recommendations.

• 6+ years of Java/Enterprise Java development experience
• Expertise with application server technologies, Spring Framework, Spring Security, Web Services (JAX-RS/JAX-WS), REST and Hibernate
• In-depth knowledge of and experience with Java security technologies, Single-sign-on and identity management technologies
• Expertise with web system security concepts, including multi-factor authentication, authorization (RBAC), encryption/hashing, applied cryptography, SAML (mandatory), LDAP
• Knowledge of cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors
• Knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures) and of network/web related protocols
• Knowledge of network-based, system-level and application layer attacks and mitigation methods
• Experience with static code analysis tools including HP Fortify, FindBugs, PMD
• Knowledge of and experience with agile software development methodologies
• BS in Computer Science or related field

Preferred Skills:
• Experience with Oracle, SQL Server or other major RDBMS
• Understanding of service-oriented architecture design patterns and their implementation
• Experience with source control systems such as Git, SVN or CVS
• Experience with build systems such as Gradle, Ant or Maven
• Knowledge of NoSQL databases like Cassandra, MongoDB, Redis, and/or Riak
• Knowledge of Groovy, Grails, Scala, Mobile, Angular.js, Node.js, Twitter Bootstrap and/or other controls and/or jQuery