Java Security Engineer
1525 Windward Concourse ALPHARETTA, GA 30005
The Security Engineer's responsibilities will include analyzing, reviewing, and developing secure applications, contributing to secure architecture designs, and recommending security measures and best practices to support a robust platform. Additionally, this Security professional will assist with identifying, prioritizing, and evaluating opportunities to increase the efficiency and effectiveness of secure practices across the business unit operations and products/services through automation and use of emerging technologies and innovation techniques.
• Serve as SME on application security and collaborate with software development teams to provide technical guidance to implement appropriate security solutions, mechanisms and/or controls that address business requirements.
• Successfully lead the design, development, and implementation of a critical and complex part of Application Security Tools and Services.
• Work with product teams and product owners to understand and formulate security requirements for large internet-facing, enterprise software applications.
• Act as a liaison between software engineers and Information System Security Office (ISSO)
• Conduct and coordinate vulnerability assessments and code reviews of software applications under development
• Consult team members on secure coding practices
• Monitor the marketplace for application security related tools, conduct tool analysis and provide recommendations.
• 6+ years of Java/Enterprise Java development experience
• Expertise with application server technologies, Spring Framework, Spring Security, Web Services (JAX-RS/JAX-WS), REST and Hibernate
• In-depth knowledge of and experience with Java security technologies, Single-sign-on and identity management technologies
• Expertise with web system security concepts, including multi-factor authentication, authorization (RBAC), encryption/hashing, applied cryptography, SAML (mandatory), LDAP
• Knowledge of cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors
• Knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures) and of network/web related protocols
• Knowledge of network-based, system-level and application layer attacks and mitigation methods
• Experience with static code analysis tools including HP Fortify, FindBugs, PMD
• Knowledge of and experience with agile software development methodologies
• BS in Computer Science or related field
• Experience with Oracle, SQL Server or other major RDBMS
• Understanding of service-oriented architecture design patterns and their implementation
• Experience with source control systems such as Git, SVN or CVS
• Experience with build systems such as Gradle, Ant or Maven
• Knowledge of NoSQL databases like Cassandra, MongoDB, Redis, and/or Riak
• Knowledge of Groovy, Grails, Scala, Mobile, Angular.js, Node.js, Twitter Bootstrap and/or other controls and/or jQuery