Create a Job Alert.

Enter your email below to save this search and receive job recommendations for similar positions.
Thank you. We'll send jobs matching these to
You already suscribed to this job alert.
No Thanks
US
What job do you want?

Create Job Alert.

Get similar jobs sent to your email

Apply to this job.
Think you're the perfect candidate?
Apply on company site

You’re being taken to an external site to apply.

Create an account to get recommended jobs that match your resume and apply to multiple jobs in seconds!
8-15 characters
Contains Number
Contains Lowercase
Contains Uppercase
Contains Special Character
Software Security Specialist at Municipal Employees' Retirement System

Software Security Specialist

Municipal Employees' Retirement System Lansing, MI Full-Time
Apply on company site

Create Job Alert.

Get similar jobs sent to your email

SUMMARY


The Software Security Specialist analyzes software designs and implementations from a security perspective, and identify and resolve security issues. This will include the appropriate security analysis, defenses and countermeasures at each phase of the software development lifecycle, to result in robust and reliable software, including the implementation of software into the MERS production environments.


ESSENTIAL DUTIES AND RESPONSIBILITIES include the following:


•Implement, test and operate advanced software security techniques in compliance with MERS technical architecture standards and existing environments

• Perform on-going security testing and code review to improve software security

• Troubleshoot and debug issues that arise

• Provide recommendations/designs for new software solutions to help mitigate security vulnerabilities

• Contribute to all levels of architecture design and modifications

• Maintain technical documentation as needed

• Establish and enforce secure coding practices on both internal systems and with contracted vendors

• Lead implementation of software into MERS production environment to minimize production environment access from external resources as much as possible.

• Maintain an executable source code repository for all custom code where MERS/Vendor agreements for source code exchanges have been made.

• Understand and apply Authentication/Authorization/Accounting (3 A’s) principles

• Understand and apply principles of the Secure System Development Life Cycle in MERS Software Development Life Cycle

• Develop and enforce Static Application Security Testing (SAST) techniques for MERS applications.

• Develop and enforce Dynamic Application Security Testing (DAST) techniques for MERS applications.

• Develop and maintain application scanning capabilities

• Develop and maintain automated security scenario testing practices

• Assist with MERS implementation of release management within MERS environments

• Develop a familiarity with new software security/development tools and best practices


EDUCATION and/or EXPERIENCE


• BS degree in Computer Science, Information Security or related field

• 3 years minimum work experience as a software developer

• Software development experience in any of the following core languages: Ruby on Rails, Java, Javascript, C/C++ and ASP.NET, PHP

• Experience with industry-standard vulnerability management tools, including but not limited: to Rapid7 Nexpose and Metasploit Pro, and Rapid7 Insight IDR.

• Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation

• An understanding of the vulnerability identification, analysis, and scoring standard Common Vulnerability Scoring System (CVSS), as well as Common Vulnerabilities and Exposures (CVE)

• Adequate knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures) and of network/web related protocols

• Demonstrated knowledge of information security programs and operations, data security practices and procedures, and risk identification/assessment

• Experience with / understanding of different threats to an organization

• Experience as a software security specialist or engineer preferred

• Preferred certifications: CSSLP, GIAC (e.g., GCIH, GCIA, GCFA, etc.), CEH, OSCP, CISSP, or Security+


Major duties and responsibilities are listed above. This list indicates the kinds of work the person does, but in no way limits or modifies a supervisor’s right to change jobs or assign additional or different work to employees.


QUALIFICATIONS


• Strong problem-solving and critical-thinking skills with the ability to diagnose and troubleshoot technical issues

• Ability to analyze complex problems, interpret operational needs, and develop integrated, creative solutions

• Proficient in relational database management system concepts

• Strong interpersonal skills and ability to deal effectively in a team environment.

• Strong influence skills, the ability to network and build consensus

• Ability to respond effectively to the most sensitive inquiries or complaints.

• Advanced knowledge of Microsoft technologies and platforms

• Excellent verbal and written communication skills, including the ability to convey technical details in a clear and understandable manner to a variety of audiences

• Must be able to work independently, prioritize assignments and meet deadlines

• Interest in all aspects of security research and development

• A strong desire for continuous process improvement and excellence

• Strong planning, time-management, and organizational skills

• Ability to remain calm in stressful situations


PHYSICAL DEMANDS


The physical demands described here are representative of those that must be met by an employee to perform successfully the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.


• While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use hands to finger, handle, or feel objects, tools or controls; reach with hands and arms; climb stairs; balance; stoop, kneel, crouch or crawl; talk or hear; taste or smell.

• The employee must occasionally lift and/or move up to 25 pounds.


Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.


WORK ENVIRONMENT


The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.


• Location: All work of this position will be performed on site at MERS main office.

• Weather: While performing the duties of this job, the employee is not exposed to weather conditions.

• Noise: The noise level in the work environment is usually moderate.


  • Evaluate new hardware or software
  • Define new software processes and document software requirements
  • Utilize new software and hardware solutions
  • Implementing new software applications, updating existing software applications as well as maintaining existing software applications
  • Perform testing on new software development projects and legacy software platform products
  • Monitor testing across various software products
  • Develop new software products or major enhancements to existing software
  • Configure, and test computer hardware, networking software and operating system software
  • Use the project management software
  • Assist in testing new software functionality
  • Improving software quality by testing a wide variety of software components
  • Provide training to end users using specific software applications
  • Assisting with software solution troubleshooting
  • Develop and maintain software documentation
  • Conducting testing procedures to support software quality assurance
  • Perform updates for software database
  • Conduct financial application software training programs for end users
  • Analyze and troubleshoot software issues
  • Analyze software application issues across various platforms
  • Analyze technical developments in network systems software and hardware platforms

Recommended skills

Giac Certified Forensics Analyst
Global Information Assurance Certification
Giac Certified Intrusion Analyst
Certified Ethical Hacker
Giac Certified Incident Handler
Application Security
Apply to this job.
Think you're the perfect candidate?
Apply on company site

Help us improve CareerBuilder by providing feedback about this job: Report this job

Report this Job

Once a job has been reported, we will investigate it further. If you require a response, submit your question or concern to our Trust and Site Security Team

CareerBuilder TIP

For your privacy and protection, when applying to a job online, never give your social security number to a prospective employer, provide credit card or bank account information, or perform any sort of monetary transaction. Learn more.

By applying to a job using CareerBuilder you are agreeing to comply with and be subject to the CareerBuilder Terms and Conditions for use of our website. To use our website, you must agree with the Terms and Conditions and both meet and comply with their provisions.