Security Engineer
Job Description Job Description Major purpose:
This position will perform day-to-day application security duties to support Grainger's efforts to increase and improve our security posture across various application platforms.
Position will have a direct impact on expanding and maturing Grainger's application security program.
Position will be a member of the Security Engineering team and will work directly with development resources.
Major responsibilities and duties:
Define application security strategies and procedures Define and maintain operational processes to ensure expected software development results Research, recommend, evaluate, integrate, deploy and tune security tools including static and dynamic application security testing suites Develop and maintain security utilities and provide metrics dashboards/reports helping development teams with compliance visibility and tracking Evaluate software security technologies and products, review of existing technologies to ensure value and relevancy Augment the Continuous Integration and Continuous Deployment pipeline to include security controls Perform code audits on internal and open source libraries for use within our products Triage and remediate reported security issues Provide forensic analysis and remediation during application related incidents Conduct developer security awareness training and provide technical leadership and mentorship Requirements:
5 years or more of related hands-on JAVA coding with secure product development experience (Also desired:
JavaScript, C Number, C Plus Plus, Objective C, Swift) 2 or more years of application security experience, including a thorough understanding of issues detailed in the OWASP Top 10 and SWE Top 25 Experience with DevOps/SecDevOps strategies is desired Deep understanding of information security principles as well as Defense-in-Depth strategies Practical experience with product development teams in a security engineering role is preferred CI/CD experience and security through automation is highly desirable Ability to conduct application security assessments and conduct vulnerability remediation of applications and services Demonstrate the ability to exploit and mitigate application related vulnerabilities Proficiency in performing risk, business impact, control and vulnerability assessments Ability to provide detailed security data analysis identifying inconsistencies and abnormal behavior Ability to clearly explain security issues found and ensure actions are clear to those responsible for remediation Experience developing, maintaining and administering of authentication systems Optional:
Strong understanding of cryptography related to application programming and data protection (encryption, hashing, PKI, key management, etc.
) Practical experience conducting web application security reviews and network-based penetration testing Ability to adapt to changes in priority to meet security needs of a highly agile security organization.
Estimated Salary: $20 to $28 per hour based on qualifications.
This position will perform day-to-day application security duties to support Grainger's efforts to increase and improve our security posture across various application platforms.
Position will have a direct impact on expanding and maturing Grainger's application security program.
Position will be a member of the Security Engineering team and will work directly with development resources.
Major responsibilities and duties:
Define application security strategies and procedures Define and maintain operational processes to ensure expected software development results Research, recommend, evaluate, integrate, deploy and tune security tools including static and dynamic application security testing suites Develop and maintain security utilities and provide metrics dashboards/reports helping development teams with compliance visibility and tracking Evaluate software security technologies and products, review of existing technologies to ensure value and relevancy Augment the Continuous Integration and Continuous Deployment pipeline to include security controls Perform code audits on internal and open source libraries for use within our products Triage and remediate reported security issues Provide forensic analysis and remediation during application related incidents Conduct developer security awareness training and provide technical leadership and mentorship Requirements:
5 years or more of related hands-on JAVA coding with secure product development experience (Also desired:
JavaScript, C Number, C Plus Plus, Objective C, Swift) 2 or more years of application security experience, including a thorough understanding of issues detailed in the OWASP Top 10 and SWE Top 25 Experience with DevOps/SecDevOps strategies is desired Deep understanding of information security principles as well as Defense-in-Depth strategies Practical experience with product development teams in a security engineering role is preferred CI/CD experience and security through automation is highly desirable Ability to conduct application security assessments and conduct vulnerability remediation of applications and services Demonstrate the ability to exploit and mitigate application related vulnerabilities Proficiency in performing risk, business impact, control and vulnerability assessments Ability to provide detailed security data analysis identifying inconsistencies and abnormal behavior Ability to clearly explain security issues found and ensure actions are clear to those responsible for remediation Experience developing, maintaining and administering of authentication systems Optional:
Strong understanding of cryptography related to application programming and data protection (encryption, hashing, PKI, key management, etc.
) Practical experience conducting web application security reviews and network-based penetration testing Ability to adapt to changes in priority to meet security needs of a highly agile security organization.
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
