Our client is seeking a new Enterprise Security Engineer to join their team in this new full-time opportunity. Brief details are below. If interested, please apply and we will reach out for follow-up next steps.
Title: Enterprise Security Engineer
Location: Must be onsite 3 to 4 days a week in Beaverton, OR
Design, develop, and execute software security testing and perform security-focused source code analysis of internal products and services, generating reports with thorough analysis of findings.
- Enhance and maintain security threat models for our enterprise software products.
- Identify industry standards and guidelines to follow for our enterprise software products.
- Develop and execute security focused test plans, including pen testing.
- Generate, distribute, and archive reports of security testing results.
- Work closely with stakeholders to re-test as they resolve discovered issues.
- Review product source code to ensure industry standard secure programming practices are followed.
- Monitor reports and advisories from upstream vendors for vulnerability reports, working with development team to ensure security updates are applied.
- BS in in Cybersecurity or similar/Certifications in CISSP/CCSP/etc. or similar.
- Proficiency in C, C#/.NET and Python.
- Experience in Offensive security toolkits (Kali/Metasploit/etc.)
- Degree in Cybersecurity or similar/Certifications in CISSP/CCSP/etc. or similar.
- Awareness of standards bodies (e.g., ISO), industry (e.g., TCG) and governmental (e.g., NIST) organizations and the understanding of their documents related to computing security.
- Experience in network security.
- Experience in static/dynamic code analysis.
- Must have good English communication skills, both written and verbal.
- Must work well both with a team and independently.
- Working knowledge of motherboard technologies such as PCIe, USB, Thunderbolt, UART, SPI, I2C.
- Experience with operating system kernel and/or driver development, including Windows and Linux.
- Low-level hardware experience.
- Solid understanding of cryptographic technologies such as public-key cryptography.
- Solid understanding of networking protocols.