Job description

Senior Security Development Engineer Type: 1 Year Contract Compensation: $75-100 per hour SherlockTalent is looking for a Senior Security Development Engineer (Security Engineer + Software Engineer) that will be a part of the Cybersecurity Team focused on general application and infrastructure security, DevSecOps principles, code quality, vulnerability management, penetration testing, and security operations. This is a Senior Level position and must be able to lead, influence, solve challenges, and push engineering knowledge. Responsibilities Integrate and maintain a continuous static and dynamic analysis process into the product development life cycle. Integrate and maintain a continuous penetration testing solution that is tuned to the specific needs of the product. Collaborate with product delivery team to help design secure application/system architecture and deployment best practices in on-premises and Cloud-based services. Review code for possible flaws and develop intrusion detection algorithms on-network and in-application. Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks. Prepare and document standard operating procedures and protocols. Implement and monitor security measures for the protection of computer systems, networks, and information. Requirements Bachelor’s degree in IT (equivalent work experience will be considered) Minimum of 4-8 years of experience in secure code development, Offensive Security Certified Professional (OSCP), Global Information Assurance Certification (GIAC), and/or Certified Information Systems Security Professional (CISSP), and/or Offensive Security Certified Expert (OSCE) Knowledge with C#, .Net, and Python software Detailed technical knowledge of database and operating system security with a minimum of four years working with Windows and Linux technologies. Knowledge with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols. Knowledge of Public Cloud security principles and best practices. Static application security testing (SAST) tools such as Checkmarx Dynamic application security testing (DAST) tools such as AppScan Continuous integration and continuous delivery (CI/CD) tools such as Bamboo, Jenkins, Azure DevOps, Octopus Deploy, etc. #

Requirements