Founded in 2004, NetBrain is the market leader disrupting the network automation space. Its ground-breaking automation platform leverages the power of dynamic maps to provide CIOs and network teams with end-to-end network visibility while enabling adaptive automation across the organization’s physical, virtual and software-defined networks. Today, over 2,000 of the world’s largest enterprises and managed services providers leverage NetBrain’s platform to automate network documentation, troubleshooting, and change management.
“NetBrain’s success is due to our people, and over the years, we have been fortunate to attract top talent because of our unique culture and exciting mission to transform the network management industry.” - Lingping Gao, Chairman and Chief Executive Officer of NetBrain
GROW WITH US!
NetBrain Technologies is seeking a cyber security professional to join our Product Security Team and be a member of the NetBrain Security Event Response Team. As part of this team you will help secure and defend our products from the constantly evolving threat landscape of both the traditional on-premise as well as the cloud based SAAS worlds.
As a member of the Product Security Team you will:
- Work with Development and QA to ensure adherence to NetBrain SDLC by providing guidance and implementation, and testing advice, with an emphasis on a shift left philosophy.
- Promote SDLC adoption, by monitoring SCA, Static Analysis, and Dynamic testing results.
- Contribute to product security by participating in design and code reviews in security related areas.
- Work with the security architect to design and implement Secure libraries, like common crypto module, and Safe-C and Safe-J API libraries.
- Perform security audits of code and collaborate with the Security Architect to perform threat analysis through Threat Modeling and penetration test scenarios.
- Stay abreast of security development practices, including the research of current and evolving trends.
- Monitor industry blogs and mailers to stay up to date with the latest emerging threats and remediations.
As a member of the NetBrain Security Event Response Team you will:
Manage cases of Customer reported or internally found vulnerabilities,
- Determining if our products are vulnerable
- If so determine proper course of remediation and create a defect tracking case for development.
- Participate in the crafting of a response to the reporting customer, as well as a general advisory for all NetBrain customers.
- Coordinate the creation of patches for field release and fixes in current production.
- Ensure posting of the patches, and the security advisory are synchronized.
- Bachelors in Computer Science or related field
- A good working knowledge of tools like BlackDuck, Whitesource, Coverity, SonarQube, AppScan, AppSpider, QualsysGuard, etc.
Experience with security concepts, including:
- Authentication and authorization (including MFA)
- Current ‘strong’ cryptography algorithms, as well as legacy ‘weak’ crypto algorithms.
- Secure coding practices and Secure Development Life-Cycle (SDLC)
- Application security concepts
- Familiarity with network and web security wire protocols such as TLS, IPSec etc.
- Operating systems hardening
- Security-focused design and coding skills
- Experience advocating for technical security solutions across functional domains
- 3+ years of industry experience architecting and implementing security features and solutions
- 5+ years of native code development ( C/C++) or 5+ years of 3GL such as C#, Java, or Python
- Experience with security engineering solutions
Desirable (non-essential) skills:
- Ability to design and execute automated penetration testing modules to detect vulnerabilities during build time, coming up with innovative ways to integrate security into the SDLC.
- Experience working in an ISO 27001 environment.
- Familiarity with compliance standards such as, PCI DSS, Common Criteria, SOX, HIPPA, FIPS 140-2, FEDRAMP requirements, etc.
- Experience security testing automation and hardening of applications is very desirable.
- Exposure to Public Key Infrastructure (PKI) management including AWS KMS, Hashicorp Vault, and Gemalto SafeNet KMS
- Experience working in a SaaS as well as a traditional Fullstack environment.
- Recognized security certifications are highly desirable (CISSP, CISA, GIAC, CEH and others)