• 5+ years of experience as a software engineer (in any language or framework) or software engineering manager
• 5+ years of experience as a software development-focused cybersecurity professional
• 1. Experience analyzing and remediating security findings from automated and manual sources such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), penetration testing, Software Composition Analysis (SCA), etc.
• Experience leveraging one or more of the following resources to support secure coding and decision-making: OWASP Top 10, MITRE Common Weakness Enumeration (CWE) Top 25, OWASP Application Security Verification Standard (ASVS) and Other industry-standard best practice guides or frameworks
• Experience building or supporting web applications and API’s including Single Page Applications (SPA) and RESTful API’s.
• Proficiency in one or more programming languages.
- 5+ years of experience working on a major cloud platform (AWS, Azure, GCP, or Salesforce) as a software engineer, cloud/DevOps engineer, security engineer, or architect.
• Decision-Making Ability – Our engineers make sound, justifiable, customer-first decisions to determine which security issues to raise to software engineers/leaders and support work prioritization decisions.
• Strong Communication – Our engineers relate complex technical concepts to non-technical audiences and technical audiences without a security background. Additionally, the Digital team spans the globe, and our engineers must collaborate effectively with engineers from a number of locations and cultural backgrounds.
• Active Participation – Software engineering is not a “spectator sport”. The input and experience our engineers bring to the table are valued and should be shared freely. Similarly, engineers are relied upon to complete complex assignments at a high level of quality with limited supervision.
(Desired)
• 1. Professional certifications in either cybersecurity or software engineering, such as: Associate or Professional-level certifications from a major cloud provider (AWS, Azure, GCP, or Salesforce), CompTIA Security+, Cloud+, etc., ISC2 Certified Software Lifecycle Professional (CSLP)
• Background in problem identification, root cause analysis, and process improvement.
• Excellent writing abilities and experience writing technical analysis and reports for consumption by software engineers, architects, and managers.
• Experience as a software or security engineer as an employee or contractor of a Fortune 500 company.
• Experience as a software or security engineer on eCommerce, device telematics, data analytics, or mobile applications.
• Bachelor’s degree (or equivalent) in Computer Science, Software Engineering, Cybersecurity, Electrical Engineering, or a related discipline.