Software Security Engineer 3  1

Software Security Engineer

Omaha, NE

CSS Staffing, based in Omaha, NE, has an open position with a large client for a

Software Security Engineer - Preference would be to fill in Omaha, but will also consider Jersey City & Dallas/Ft Worth.

The successful candidate will possess the following skills:

·        1-3 years experience in delivering commercial grade software or services (SaaS, cloud computing, mobile applications or infrastructure) assuming either a development, QA testing or security role 

·        1-3 years of application security experience, including threat modeling, threat assessments, risk identification techniques, penetration testing and automated or manual code reviews

·        Experience with Web Services and SOAP protocols, both in client and server as well as dynamic languages such as REST, python, ruby, groovy and scala

·        Detailed technical knowledge in security engineering, system and network security, authentication and security protocols, applied cryptography, security exploit development, security vulnerabilities and remediation techniques

·        Detailed knowledge of network and Web related protocols (TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)

·        Recent development experience with one or more modern program languages (Java, Objective-C, C#)

·        Working knowledge of OWASP top 10 security risks and remediation approaches

·        Experience with interpreting policies and appropriately applying them to projects

·        Experience writing technology-specific best practices

Desired licenses, certifications

• CISSP, CSSLP, CISM, GIAC

 Core Responsibilities:

·        Performs software security application testing at a unit, functional, and system wide level

·        Performs manual and/or automated secure code reviews

·        Performs manual and/or automated dynamic application assessments

·        Performs end-to-end mobile application assessments

·        Assists the Security Event Center with incident response issues and vulnerability training

·        Participates as needed in documenting software security standards, guidelines, policies and procedures

·        Acts as Software Security resource on assigned projects

·        Creates reusable software security artifacts

·        Translates assessment results into business requirements and communicates those to business partners and risk owners

·        Researches and understands new methodologies for exploiting web based applications.

·        Perform other duties as assigned 

Additional Information:

• Start Date: ASAP
• Assignment length: Contract to hire