The Advanced Security Engineer has responsibility for supporting the development, implementation, and operation of secure software and information systems that support PNI's Global Enterprise and serve PNI's customers.
This position assists the business with security-, privacy-, and compliance-related aspects with respect to functionality, performance, scalability, reliability, realistic implementation schedules, and adherence to development goals and principles.
- Provides information security expertise related to mobile and web e-commerce application development.
- Supports multiple products, customers and GT teams as an application security SME.
- Create baseline threat model and risk assessment for all applications and systems in use at PNI Digital Media.
- Determine application/infrastructure/operational security gaps and controls to improve PNI's security posture.
- Maintain and communicate status of application-related threats/controls/risk to management.
- Implement and champion secure SDLC practices at PNI Digital Media.
- Assist internal PNI PMO staff and customers with security requirements during inception and elaboration phases of SDLC.
- Assist internal engineering and architecture teams with implementation of tactical and strategic security patterns.
- Create security architecture and design documents to provide assurance to customers and technical sales support to internal staff.
- Assist customers during integration and implementation phases of SDLC.
- Experience as an information technology (preferably security) instructor is desired.
- Review internal and third-party application security test results, rate the risk of detected issues, and work with engineering and architecture on design and implementation of controls.
- Review bug reports, identify and rate the risk of detected security issues, and work with engineering and architecture on design and implementation of controls.
- Participate in related industry organizations and special interest groups.
- Keep abreast of evolving vulnerabilities and attack patterns that could impact PNI's e-commerce business.
- Give technical presentations on application security patterns and best practices (cryptography, mobile application security, SSO, etc.).
- Mentor select engineering and architecture resources on application security patterns and best practices.
Knowledge and Skills
- Expert knowledge and experience with application security weaknesses and design patterns (OWASP Top Ten, OWASP ASVS, etc.) applied to MVC architecture is required.
- Expert knowledge and experience with e-commerce payment services and PCI-DSS requirements for application development and operation is required.
- Expert knowledge and experience with IAM application security technologies (OAuth, OpenID, SAML, etc.) is required.
- Expert knowledge and experience with creating security design, architecture, and risk assessment documents is required.
- Excellent verbal and written communication skills including the ability to author and present materials ranging from detailed technical specifications to high-level presentations.
- A positive attitude and a desire to tackle challenging problems through teamwork and collaboration are required.
- Familiarity with Microsoft .NET and Active Directory is desired.
- Expert knowledge and experience with smartphone platforms (iOS, Android and/or BlackBerry) and mobilized services is required.
- Expert knowledge of and experience with cryptographic systems running on mobile devices and mobilized services.
- Expert knowledge of and experience with mobile application security (software and firmware) and related peripheral technology such as NFC is required.
- Knowledge and experience with security technologies such as intrusion detection/prevention, event correlation, firewall, antivirus, anti-spam, policy enforcement, patch/configuration management, usage monitoring, audit, secure application development, etc. is desired.