Position: Security Software Engineer
Location: San Jose, CA
Role: We are looking for an experienced Security Software Engineer with both technical and interpersonal skills for our security engineering efforts to contribute on development of our Cuneiform application.
Description:
As a Security Software Engineer, you will be working side-by-side at the code and architecture level with each of our engineering teams to ensure security throughout our operations and technical systems, from
infrastructure to the application. Your primary focus will be on developing Go, Java, and JavaScript programs that are scalable and maintainable. You will ensure that these programs are well documented and have reasonable test coverage. You will coordinate with the rest of the team working on different layers of the infrastructure.
Responsibilities:
• Write scalable, robust, testable, efficient, and easily maintainable code
• Perform on-going security testing and code review to improve software security
• Ability to identify insecure code patterns and, consult team members on secure coding practices
• Troubleshoot and debugging issues that arise
• Maintain security technical documentation
• Develop technical solutions and new security tools to help mitigate security vulnerabilities
Requirements:
• BS or MS in Computer Science or equivalent technical degree
• Minimum of 3 years of relevant experience
• Strong background in application security development, network security, and automation
• Familiar with code versioning tools
• Excellent understanding of AAA (Authentication, Authorization, Accounting) and their differences
• Good understanding of known authentication protocols: LDAP, Kerberos, OAuth, and OIDC
• Good understanding of known authorization models: ACL, RBAC, ABAC, and CBAC
• Familiar with SAML, SSO (Single Sign-On), MFA (Multi Factor Authentication)
• Excellent understanding of PKI (Public Key Infrastructure) and its components: CA, RA, VA, TSA.
• Excellent understanding of TLS/SSL
• Good understanding of cryptography concepts such as digital signature, data integrity, message
authentication, and non-repudiation
• Excellent understanding of encryption at rest and in-transit
• Good understanding of symmetric and asymmetric cryptography
Additional Qualifications:
• Cross-platform/multi-language development experience, specially with Go, Java, and JavaScript
• Familiar with compilers or code generation tools
• Experience working with HashiCorp ecosystem, specially Vault
• CISSP, similar certification or equivalent experience
• Knowing best practices for AAA (Authentication, Authorization, Accounting), and Encryption
• Knowledge and experience in security of large scale distributed applications