Lead Security Engineer in Reston, VA at ConsultNet

Date Posted: 4/26/2019

Job Description

Our client, one of the largest Amazon Web Services (AWS) partners for data services, is looking for a Lead Security Engineer to join their elite team of technologists to build and contribute to large-scale, innovative projects. Our client wants candidates who are eager to learn and grow with them as they work to move their market monitoring applications to modern big data platforms in the cloud where up to 60 billion market events are being processed each day.

The Lead Security Engineer will oversee end-to-end development and delivery for a software solution. The solution is a web-based application built on micro-services architectures, single-page app (SPA) UIs, and AWS cloud infrastructure utilizing CI/CD and Agile methodologies.

The Lead Security Engineer will be able to establish themselves as a subject matter expert (SME) in Application Security, while working collaboratively with application and testing teams early in the SDLC to establish security requirements through threat modeling and research activities.

Essential Job Functions:

  • Help educate application stakeholders to understand relevant security issues, including practical strategies for fully mitigating or partially compensating the associated risks
  • Provide an embedded security SME experience to the company's application community
  • Lead the identification and prioritization of security requirement deficiencies, and the architecture and design of security controls
  • Develop and implement strategies to promote the consistent use of security controls across the enterprise
  • Take appropriate action to resolve security discrepancies
  • Participate in the identification, evaluation, and recommendation of new security technologies, techniques, and tools
  • Participate in defining, reviewing, and promoting information security policies, standards, guidelines, and procedures
  • Participate in internal process improvement initiatives. Provide feedback on processes by offering suggestions.
  • Mentor junior staff
  • Provide backup coverage for next level management, as appropriate
  • Assist with adherence to relevant technology policies, standards, and guidelines
  • Ensure all work products meet/exceed company standards

Desirable Experience:

  • Knowledgeable in how to identify and test common AppSec issues and countermeasures
  • Hands-on experience with and an understanding of the pros/cons of common industry threat modeling methodologies; e.g. freeform diagrammatic approaches such as Data and/or Process Flow Diagrams vs. questionnaire-based approaches such as Practical Threat Analysis (PTA)
  • Experience with existing Application Security Risk & Threat Modeling (ASRTM) solutions, such as Security Compass SD Elements (SDE), MyAppSecurity ThreatModeler, or IriusRisk.
  • Understanding of common industry security categorization schemes, such as STRIDE
  • Understanding of common industry risk ranking models, such as DREAD, CVSS, OWASP Risk Rating Methodology, …; and how each is most effectively used
  • Building and delivering training content (Brown Bags, …) to Developers, Testers and other security professionals.
  • Knowledge and experience with Amazon Web Services (AWS) security models and configuration
  • Development experience is a plus