Common Securitization Solutions (CSS) is seeking an experienced Lead Software Security Engineer to join our team of talented professionals in Bethesda, Maryland.
How many times in your career do you get the opportunity to do something that’s never been done? To create something that will change an entire industry? CSS is building the Common Securitization Platform to issue and manage mortgage securities. We’re looking for people who can walk in two worlds – a start-up environment where development is collaborative and rapid; and a production environment where we run and monitor the performance of the platform. Longer-term, this platform could serve the entire US housing finance industry. Sound transformative? It is. Come join us and help create something remarkable.
Common Securitization Solutions (CSS) is committed to safeguarding the confidentiality, integrity and availability of the CSS platform and its data. Information Security utilizes a Risk Management Framework, based on NIST 800-53 security controls, to secure its application (MA) and infrastructure (GSS). Accordingly, a wide range of enterprise tools balanced with processes are utilized to support a defense in depth strategy.
As CSS expands and matures its information security capabilities, we are looking to hire a Technical Lead Software Security Engineer responsible for effectively managing security controls with a focus on supporting all aspects of software security engineering.
We seek a self-driven, experienced and knowledgeable candidate who has a proven track record in information security engineering and team leadership. The candidate should have not only the technical expertise but also the interpersonal skills to work collaboratively with Infrastructure, Development, Information Security and Risk Management teams.
This individual will be working in a high-performing technical environment supported by a diverse group of knowledgeable individuals. The candidate is expected to be hands-on, technical and able to support multiple security engineering efforts with a focus on Java.
The position provides an opportunity to participate in an energetic and fast-paced environment using the latest technology and tools to build and secure a one-of-a-kind financial services processing platform running in a virtual cloud-based datacenter.
Key Job Functions
Support the planning and execution of the Software Security Program. The candidate will be responsible for organizing, directing and managing activities, milestones and resources to support the agreed-upon yearly objectives.
Ensure that all software security services are operating and all tasks are performed within established program guidelines and budget.
Assist with the creation, development and management of reports that reflect the progress of the program.
Use source code and vulnerability scanning tools as well as manual analysis techniques to evaluate the CSS application for effective use of security controls while identifying security gaps.
Conduct assessments and read-out calls with the appropriate development team to review each vulnerability, answer questions associated with the vulnerability, and provide mitigation/remediation strategies/solutions.
Liaise directly with other members of Information Security, as well as Enterprise Risk Management, Infrastructure and Platform Development to create, maintain and improve efforts associated with CSS security control objectives.
Train and advise application security engineers and, when applicable, internal customers on security practices and controls, existing services and processes, and the use and support of tools needed to fulfill a service.
Research, implement and enable new security features or technologies as well as identify and implement improvements to existing processes and supporting software tools to continually improve the team’s effectiveness and efficiency through automation.
Deliver solutions that cover and conform to required Information Security controls as stated in policies, procedures and standards.
Keep apprised of developing technologies and the emerging threat landscape as they relate to their job responsibilities. To that end, CSS is committed to investing in its employees by offering progressive education benefits meant to help candidates keep pace with technology.
Minimum of 6 years of hands-on software security engineering using both manual and automated techniques.
Software engineering includes, but is not limited to, evaluating applications for security controls, application and network penetration testing, code review and malicious code detection.
Specialized Knowledge & Skills
Technical proficiency and knowledge in reviewing application source code with a focus on accepted industry guidelines (OWASP Top 10, SANS Top 20, CIS Benchmarks).
Familiarity with information security policies, standards, industry best practices and frameworks (NIST 800-53, FISMA).
Relevant tool experience with static code analysis tools such as Fortify SCA; web vulnerability scanners such as HP WebInspect or IBM AppScan; open source vulnerability scanners such as Black Duck or Sonatype; assessment support tools such as Burp Suite or Metasploit.
Ability to undertake and complete tasks independently, meet schedules & delivery timelines, and to move swiftly from concepts and theory to action.
Ability to lead multiple project teams; give directions and ensure that tasks are executed consistently.
Desirable: CISSP, CEH, Security+, CHFI, CCSP, SSP, OSCP, and/or GWAPT Certifications.
As a condition of employment with Common Securitization Solutions, any successful job applicant will be required to pass a pre-employment drug screen and to successfully complete a background investigation, which may also include a credit check for positions in some areas of our business.
Common Securitization Solutions is an Equal Opportunity Employer.