Job Summary
As a Secure Development Lifecycle (SDL) Engineer, you will take an active role in a cross functional team, focused on planning and guiding the implementation of multiple product security assurance initiatives. You will plan and manage the application and compliance tracking of secure development lifecycle activities. This is a challenging position working in a very fast paced environment, with the opportunity to work collaboratively with like professionals in the Security, Engineering, Marketing, Operations, Legal, and Global Services functions, and to positively influence greater business outcomes.
Job Requirements
The Secure Development Lifecycle Engineer coordinates NetApp Technology Groups during the product lifecycle, ensuring security checkpoints are understood and completed. The role involves working with others who have a varying level of understanding of product security and how it impacts their functions. A successful candidate will be able to relate secure development to all levels of experience from senior leaders to entry level. The job requires the handling of sensitive information and requires exceptional judgment to protect the company and customer's interests.
o Define, commit, and track secure development lifecycle activities across the entire product development organization.
o Continually working to improve application security through new and adjusted methodology and tooling.
o Collaborate with engineers and other project stake holders, serve as an expert in secure design, development, and delivery.
o Perform technical security assessments including threat modeling, security baseline analysis and final security reviews and recommendations.
o Develop security satellites as security leaders or SMEs within individual product teams.
o Possess and demonstrate excellent written and verbal communication skills
o Strong understanding of static analysis, dynamic analysis, OWASP top 10 and vulnerability scanning.
o Strong understanding of third-party and open source software integration and usage methodology.
o Strong understanding of the network stack including ports and protocols.
o Strong understanding of concepts related to computer architecture, data structures and standard programming practices.
o Proven experience in leading teams in software security test planning, automation, documentation and process improvement.
o Hands on experience in DevSecOps or Security Tools Pipelining.
o Storage background and understanding of network topologies is a plus
o Hands on experience in Cloud Security is a plus
o Understanding of maturity models such as BSIMM or Open SAMM preferred.
Education
o A minimum of 4 years of experience is required. 5 to 7 years of experience is preferred.
o A Bachelor of Science Degree in Engineering or Computer Science, a master's degree, or a PhD; or equivalent experience is required.
o CSSLP is desirable.