Lead Security Engineer - Remote
WHY CRESTRON At Crestron Electronics, Inc we build the technology that integrates technology.We are proud to be the largest and most recognized brand in automation and control solutions, and the premier technology partner for Fortune 500 businesses globally. Our products are integrated into new high-tech commercial buildings to include some of the most exciting real estate throughout the world. Our clients include Google, Microsoft, Amazon, LinkedIn and many others. We are the leaders in one of the most exciting and fastest growing industries in the world! Our automation and control solutions for homes and buildings allow our clients to control entire environments with the push of a button, integrating systems such as Audio Visual, Lighting, Shading, Security, Building Management Systems and HVAC to provide greater comfort, convenience and security. OVERVIEW Crestron is in need of an additional Senior Security Engineer to help existing security team members improve and maintain security posture of our Firmware, Software and Cloud-based products and services. A senior security engineer is required to identify, define and implement mechanisms to protect our assets from all forms of attacks. The senior security engineer is expected to develop threat models, identify and test the various forms of threat vectors that can be used to compromise our products and services. RESPONSIBILITIES Analyze Crestron products and cloud-based infrastructuress to identify vulnerabilities, risks and application of standard practices for hardening Understand product features and use cases to contribute or lead security requirement reviews to derive associated threat models and related user stories Prepare and conduct manual pentests needed to detect and remediate known and zero day vulnerabilities Develop automation scripts to automate mundane security testing Identify, record, document product vulnerabilities and escalate their severity based on impact to product security Perform security code review of Crestron products and services Research on platform specific vulnerabilities (Android, Linux Libraries) and keep abreast of CVEs and report the same to internal stakeholders Create security documents, design standard operating procedures, report findings and track them to closure by working with related stakeholders Present security reports to senior management post completion of security audits Suggest/Recommend improvement in existing deployment guides Adjust to rapidly changing requirements and timelines Track record of completing assignments on time with a high degree of quality QUALIFICATIONS Minimum Bachelor's degree in Engineering. (Preferably in Computer Engineering or Computer Science ) Minimum of 5 years of experience spanning across technical, network and security architecture. Experience or knowledge in embedded and server based operating systems, cloud-based architectures, access control, application and configuration of network security appliances 3-5 years' experience mentoring or leading other engineers. Good understanding of network protocols - TCP/IP, ICMP, HTTP Good understanding of cryptographic protocols - SSL/TLS and cipher implementation Good understanding of Nix Platforms Good understanding of shell scripts, C/C+
and .NET based programs Proficiency in conducting manual/expert security code reviews in .NET, C/C++, Python Proficiency in Network Penetration Testing and Application Security Testing Solid Experience in Web Application Penetration Testing including SOAP/REST APIs Knowledge of Azure IaaS and PaaS architectures and resources,with added advantage if candidate has experience in Azure Security Center Knowledge of all components of a SaaS Multi-tenant product architecture. Knowledge of industry standards and compliance frameworks:
CIS, NIST, FEDRAMP Experience in at least 1 of the Static Code Scanning Tools like Fortify ,Coverity, Checkmarx. Experience with Dynamic Scanning Tools like IBM APPSCAN, Burp Suite, Acunetix Knowledge of Angular JS, MVC/MVVM Framework Knowledge of Programming Languages- Python/PowerShell, .NET/Java, C,C++
Salary Range:
$80K -- $100K
Minimum Qualification
Systems Architecture & Engineering, IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
and .NET based programs Proficiency in conducting manual/expert security code reviews in .NET, C/C++, Python Proficiency in Network Penetration Testing and Application Security Testing Solid Experience in Web Application Penetration Testing including SOAP/REST APIs Knowledge of Azure IaaS and PaaS architectures and resources,with added advantage if candidate has experience in Azure Security Center Knowledge of all components of a SaaS Multi-tenant product architecture. Knowledge of industry standards and compliance frameworks:
CIS, NIST, FEDRAMP Experience in at least 1 of the Static Code Scanning Tools like Fortify ,Coverity, Checkmarx. Experience with Dynamic Scanning Tools like IBM APPSCAN, Burp Suite, Acunetix Knowledge of Angular JS, MVC/MVVM Framework Knowledge of Programming Languages- Python/PowerShell, .NET/Java, C,C++
Salary Range:
$80K -- $100K
Minimum Qualification
Systems Architecture & Engineering, IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
