Sr. Security Engineer
200 Clarendon St, 22nd Fl
Boston, MA 02116

About the Role

Validity is looking for a senior application security engineer to join our security and privacy team. As our appsec expert, you will partner with our product development and web content teams to assess our code, applications, and sites, prioritize risks for remediation, and help us shift security left in our SDLC. You will lead our own third-party pen tests as well as manage client-initiated assessments, and will also lend a hand in day-to-day secops and privacy team operations. If you are smart, autonomous, friendly, and thrive in a fast-paced environment, we'd love to have you join us!

Team Dynamic

Validity's secops and privacy team is collaborative and cooperative, and is a strong business partner to all business units within Validity. We seek to build positive relationships while maturing and strengthening Validity's security and privacy posture.

Position Duties and Responsibilities

  • Provide expert-level security engineering knowledge through strong technical leadership & drive demonstrable improvement to operational practices, fortifying Validity's security posture.
  • Report on the state of the security posture & recommend solutions that better protect information assets.
  • Analyze the current security and software architecture to identify weaknesses & develop opportunities for improvement.
  • Conduct security reviews & penetration testing of systems, source code, and applications.
  • Provide accurate & timely reporting on all project deliverables.
  • Provide skills training & coaching for Security Operations Team members on processes, procedures, & technologies.
  • Provide discovery, analysis & forensic documentation of security incidents as they occur within the Validity systems.
  • Work with various IT & Engineering functional groups to ensure end-to-end system security regarding data exchange between systems both internal & external & reduce unnecessary risk to the organization.
  • Research & implement emerging security technologies for their application in the Validity computing environment.
  • Assess standard operating system configurations & management practices implemented to protect Validity data.
  • Provide practical security best-practice guidance to Validity.
  • Assist in the development of disaster recovery plans and business continuity exercises.
  • Other duties logically associated with the position (e.g., working with third parties on their technical assessments of our systems and applications, supporting internal customers with general security questions, etc.)

Required Experience, Skills, and Education

  • 7+ years of experience in Information Security Engineering, in a technical capacity.
  • Must have the ability to work effectively with all levels of staff (both technical and non-technical), possess excellent oral & written communication skills, and have demonstrated leadership, problem-solving, planning, & organizational skills.
  • Experience with penetration testing web-based SaaS applications and systems operating out of Cloud infrastructure (AWS, Azure, etc).
  • Knowledge of application-level attacks and mitigation methods, with a thorough understanding of the OWASP Top 10.
  • Knowledge of Windows, Linux, & Mac OS X operating systems, IP networking, security scanners, industry best practices, & related security topics.
  • Knowledge of network-based & system-level attacks & mitigation methods & related networking hardware - routers, switches, wireless networks, load balancers, VPN, etc.
  • Knowledge of DAST and SAST systems.
  • Ability to demonstrate experience in performing security design, build, implementation, & support for Information Security infrastructure in an enterprise-level environment.
  • CEH, eCPPT, eWPT, GWAPT, OSCP, or equivalent experience.

Preferred Experience, Skills, and Education

  • BS, MS in Computer Science or equivalent experience
  • CISSP, CISM, or CSSP
  • Experience with Qualys and Checkmarx
  • Basic knowledge of PHP, Python, and Ruby
  • Experience working with compliance & regulatory program requirements.
  • Familiarity with email marketing and/or customer relationship management (CRM) platforms is a plus.
Full-time