Staff Security Software Engineer - Platform Security(Application Security, Vulnerability Management, Threat modeling, and Threat Management Systems)

Job Summary & Responsibilities: 

• Proven experience in platform security as a technical hands-on leader for platforms ranging from Cloud PaaS, dedicated enterprise tech stacks for modern control-plane with distributed data-plane deployments.
• One or more of the following: 
• Experience of regulatory needs, ability to run through an internal process to deliver compliance mandates. Ex: FedRAMP, FISMA, FIPS, ENISA etc.
• Vulnerability assessment, ability to pick the right tools and architect left-shifted vulnerability scanning needs.
• Platform security needs: Key Management / Cryptography, Certificate Mgmt and delivery of connected Apps with AuthN, Identity/IAM and ability to integrate federated ID, MFA with third party solutions.
• Platform / OS hardening, lock-down of Apps, Infra access.
• Generic responsibilities:
• Design, develop and deliver next-generation Security products
• Design and implementation of security tooling within the SDLC
• Build & automate threat modeling around developer code bases and releases
• Security workflow automation from security testing, vulnerability patching, secure configuration management and threats alerts and notifications
• Promote secure coding practices
• Act as liaison with the greater Cohesity Engineering, IT, Information Security functions.
• Provide technical leadership and mentoring to team members.

Job Requirement:

• BS/MS/Ph.D. in Computer Science
• 10+ years in software development with data structures/algorithms.
• 3+ years of demonstrated experience with software design and architecture.
• Hands-on coding skills in at least one of the following languages: Python, Java, Golang
• Experience in developing Security products and security features in existing products.
• Expertise with security tooling and standard processes for implementation in development pipelines and infrastructure.
• Experience with Application Security Testing, Penetration Testing, Security event management, vulnerability management, threat modeling, and threat management systems
• Experience with programming languages such as Python, Java, and Golang
• Validated expertise with container and VM technology and security
• You have a strong grasp of the SDLC
• Proven understanding of cloud computing - AWS, GCE, Azure, etc.
• Knowledge in Storage, File systems, or Data Protection is a plus
• Motivated to tackle sophisticated problems and challenges.
• Familiarity with dynamic deployment models and developer feedback loops
• And of course, a passion for security