Lead Security Software Engineer – Virtual Position

Remote Comcast

Job Summary

The Effectv Engineering team has embarked on a cultural transformation towards enabling our engineering development teams to build security in rather than having security specialists bolt it on, an approach we refer to as DevSecOps. This Lead Security Software Engineer position will be a key driver of this cultural transformation. The key goals of this position are:

1) Enable Development teams to take ownership of their application security by supporting the teams to adhere to the Comcast DevSecOps practices and supporting / performing SDL assessments
2) Build security into the enterprise architecture by working with the architects and the engineers
3) Ensure Development teams comply with the Comcast Cyber Security Standards by working in conjunction with the Security teams
4) Collaborate with teams and vendors to automate security processes into CI/CD pipelines, enhance source code analysis tools (SAST/DAST) including configuration and operation of tools and helping with evaluation of new tools
5) Design, implement and perform security testing to improve the security posture of the engineering organization

Job Description

Core Responsibilities

  • This position can be worked remotely with occasional meetings at the office in Wayne, PA.
  • Coach development teams in learning how to develop secure code
  • Advise teams on implementing security tools and CI/CD processes and help automate security processes in CI/CD pipelines
  • Develop CI/CD integration (e.g. Concourse, Jenkins etc.) and/or build tool integration (e.g. Maven) capabilities in support of Secure Product Development
  • Address security risk and advocate appropriate DevSecOps practices to improve end to end secure delivery practices by working closely with development teams
  • Collaborate with teams and vendors to enhance source code analysis tools including configuration and operation of tools such as WhiteSource, Coverity, Contrast, SonarQube, Checkmarx etc. and helping with evaluation of new tools
  • Be a trusted automation and tooling advisor for DevSecOps initiatives by providing objective, practical and relevant ideas, insights and advice
  • Work with the Comcast Cybersecurity team to perform DevSecOps / SDL assessments of teams against the Comcast SDL practices
  • Influence culture change resulting in a shift-left and security-by-design movement by building relationships with development teams, security teams & business stakeholders
  • Works with the architects to ensure that security is built into enterprise architecture including implementation of secure design patterns (On-Prem and Cloud) and providing engineering designs to mitigate security vulnerabilities in new software solutions
  • Design, implement and perform security testing programs including white box testing as well as code reviews for improving software security
  • Develop training & awareness programs, evangelizing security through internal and external events
  • Maintaining technical documentation related to software security
  • Design solutions to enable issue tracking, metrics, and reporting to support planning, compliance, and remediation activities
  • Staying updated with the latest tools and advanced industry practices for software security
  • Coach/Mentor/Consult with team members to follow secure coding practices
  • Proven work experience as a security software engineer
  • Application security development experience with Windows and Linux based applications
  • Strong programming/scripting experience in languages like Java, C#, Python, Go etc.
  • Experience with development of CI/CD pipelines and integrating security processes using tools such as Jenkins, Concourse etc.
  • Experience in cloud providers such as AWS, Azure, GCP etc. specifically in implementing cloud security design patterns
  • Experience using configuration management tools such as Ansible and infrastructure-as-code tools like Terraform a plus
  • Working knowledge of GIT, JIRA, Jenkins, Docker, Puppet, Chef, other Agile CI/CD and project management tools and Kanban boards
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
  • Experience with OWASP Secure Coding Practices
  • Experience with developer oriented (as opposed to infrastructure oriented) automated security testing tools
  • Experience with security testing including Whitebox penetration testing as well as code reviews for improving the software security
  • Certifications like Certified Cloud Security Professional (CCSP), Certified Secure Software Lifecycle Professional (CSSLP) a plus
  • Collaborates with project stakeholders to identify security requirements. Conducts analysis to determine integration needs.
  • Designs and performs security testing programs including white box testing and code reviews, supports applications under development and customizes current applications. Assists in the roll-out of secure software releases.
  • Trains junior Software Development Engineers on secure coding practices.
  • Oversees the researching, writing and editing of documentation and technical requirements, including software security designs, evaluation plans, test results, technical manuals and formal recommendations and reports.
  • Keeps current with technological developments within the software security domain. Monitors and evaluates competitive applications and products. Reviews literature, patents and current practices relevant to the solution of assigned projects.
  • Assists with technical leadership throughout the design process and assists in guidance with regard to practices, procedures and techniques. Serves as a guide and mentor for Software Development Engineers.
  • Assists in tracking and evaluating performance metrics. Ensures team delivers software on time, to specification and within budget.
  • Works with Quality Assurance team to determine if applications fit specification and technical requirements. Tests and evaluates systems, subsystems and components.
  • Acts as a technical contact and liaison for outside vendors and/or customers.
  • Presents and defends architectural, design and technical choices to internal and external audiences.
  • Consistent exercise of independent judgment and discretion in matters of significance.
  • Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) and overtime as necessary.
  • Other duties and responsibilities as assigned.

Employees at all levels are expected to:

  • Understand our Operating Principles; make them the guidelines for how you do your job.
  • Own the customer experience – think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services.
  • Know your stuff – be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences.
  • Win as a team – make big things happen by working together and being open to new ideas.
  • Be an active part of the Net Promoter System – a way of working that brings more employee and customer feedback into the company – by joining huddles, making call backs and helping us elevate opportunities to do better for our customers.
  • Drive results and growth.
  • Respect and promote inclusion & diversity.
  • Do what’s right for each other, our customers, investors and our communities.

Disclaimer:

  • This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications.

Comcast is an EOE/Veterans/Disabled/LGBT employer.

Education

Bachelor’s Degree

Relevant Work Experience

10 Years +

Base pay is one part of the Total Rewards that Comcast provides to compensate and recognize employees for their work. Most sales positions are eligible for a Commission under the terms of an applicable plan, while most non-sales positions are eligible for a Bonus. Additionally, Comcast provides best-in-class Benefits. We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That’s why we provide an array of options, expert guidance and always-on tools, that are personalized to meet the needs of your reality – to help support you physically, financially and emotionally through the big milestones and in your everyday life.

To apply for this job please visit itjobpro.com.