Staff Application Security Engineer

Hadapt   •  

San Diego, CA

Not Specified years

Posted 175 days ago

This job is no longer available.

Teradata empowers companies to achieve high-impact business outcomes through analytics. With a powerful combination of Industry expertise and leading hybrid cloud technologies for data warehousing and big data analytics, Teradata unleashes the potential of great companies. Partnering with top companies around the world, Teradata helps improve customer experience, mitigate risk, drive product innovation, achieve operational excellence, transform finance, and optimize assets. Teradata is recognized by media and industry analysts as a future-focused company for its technological excellence, sustainability, ethics, and business value.

The Teradata culture isn’t just about one kind of person. So many individuals make up who we are, making us that much more unique. It’s what sets apart the dynamic, diverse and collaborative environment that is Teradata. But even as individuals, there’s one thing that we all share —our united goal of making Teradata and our people the best we can be.

Staff Application Security Engineer

 

 

Our Company

 

Teradata empowers companies to achieve high-impact business outcomes through analytics. With a powerful combination of Industry expertise and leading hybrid cloud technologies for data warehousing and big data analytics, Teradata unleashes the potential of great companies.  Partnering with top companies around the world, Teradata helps improve customer experience, mitigate risk, drive product innovation, achieve operational excellence, transform finance, and optimize assets. Teradata is recognized by media and industry analysts as a future-focused company for its technological excellence, sustainability, ethics, and business value. 

The Teradata culture isn’t just about one kind of person. So many individuals make up who we are, making us that much more unique. It’s what sets apart the dynamic, diverse and collaborative environment that is Teradata. But even as individuals, there’s one thing that we all share —our united goal of making Teradata and our people, the best we can be.

 

Our Team

 

The Application Security team is an integral part of the Product Security Team at Teradata. We evangelize security at every phase of the software development lifecycle, and work closely with developers to ensure applications are secure from inception through release. Given Teradata’s large portfolio of analytic applications, we are pushing the boundaries of security by scaling threat modeling, source code analysis, and analytic security. Our expertize lies in deep technical understanding of security and are security educators within Teradata and the wider security community. The Application Security team is tasked with building advanced security tools and methods for automating security and are dedicated open source contributors.

 

Your Opportunity

 

The Teradata Application Security Team is looking for someone who is passionate about security and understands the critical role security plays in the Software Development Lifecycle. If you like breaking software and finding the root cause, we need you. The ideal candidate will work tirelessly to uncover security issues before the bad guys do and will work withdevelopers to move security to the left in the SDLC. If you evangelize security and love to train developers to build better, more secure software, this position is for you.

 

Primary Job Responsibilities:

  • Enable automation of product security testing and find innovative ways to scale the security team
  • Evaluation of new technologies, tools, and/or development techniques that impact security
  • Work with DevOps engineers to integrate static and dynamic analysis security tools into CI/CD pipelines
  • Serve as subject matter expert for static and dynamic analysis security tools
  • Interpret security tools and penetration testing results and describe issues and fixes to developers
  • Provide vulnerability remediation guidance and mentoring to product development software engineers
  • Develop a product fuzzing system to find security defects and where they reside in source code
    Develop companywide security projects to discover security defects in source code, dependencies, and/or other artifacts
  • Build metrics to track security defects and automate collection of security information to derive metrics
  • Build a metrics collection platform in AWS
  • Develop application security and product best practices to standardize security practices
  • Provide security guidelines for the organization to protect critical assets and data
  • Assist in the software security certification process for the organization
  • Review, analyze, and evaluate both internally developed software and vendor products and procedures to address security requirements

 

Qualifications

 

Primary Job Skills:

  • Self-starter yet work as part of a team.
  • Excellent written and verbal communication skills are required.
  • Ability to communicate effectively with business representatives in explaining security topics clearly and where necessary, in layman's terms.
  • Capable of standing up a high-availability application in AWS
  • Experience with Cloud and virtualized technology in environments such as AWS, Azure and VMware
  • Candidates must be able to explain vulnerabilities and weaknesses in the OWASP Top 10, WASC, and/or CWE 25 to any audience, and discuss effective defensive techniques.
  • Deep understanding of HTTP and SSL/TLS protocols, and Web applications
  • Knowledge of networking fundamentals (all OSI layers)
  • Knowledge of the Windows and *NIX operating systems
  • Familiarity with Docker and Kubernetes
  • Understanding of authentication protocols and frameworks to include OAuth, OpenID, and/or AWS IAM
  • Familiarity with dynamic and static analysis tools
  • Deep understanding of continuous integration / continuous deployment processes and tools
  • Ability to interpret dynamic/static analysis tools, and penetration test results and describe issues and fixes to non-security experts
  • Ability to automate tasks using a scriptinglanguage (Python, Perl, Ruby, etc).
  • Ability to program in Python, Ruby, Java, C, and/or C++
  • Experience working with DevOps tools such as Puppet, Chef, Cloud Formation, etc.
  • Familiarity with common reconnaissance, exploitation, and post exploitation frameworks

 

Education:

  • MS/BS degree in Electrical Engineering, Computer Science, Information Technology, or related field. Advanced degree highly preferred

 

Requisition Number201084