Software Quality Principal Engineer (Security)

Job Description

Job Title: Software Quality Principal Engineer(Security)I8About Business Unit: At Dell EMC, you will have the opportunity to turn your ideas into a career with the worlds largest Storage and Data Protection provider. As per IDC, Dell EMC is the #1 provider for purpose built backup appliance (PBBA) with 67% market share. Our Data Protection portfolio consists of highly integrated and industry-leading products and technologies that will change the way companies approach the protection and availability of their data and applications. Data Domain is an industry leader to provide best-of-breed solution for backup and archival needs. It provides disk-baseddata protection with excellent storage efficiency using it s unique In-line Data De-Duplication technology.The SDL (Security)teamis responsible for providing customer centric manageability solutions.The focus of this team is to provide software interfaces to external and internal users to enhance their productivity. Some of the responsibilities of this team arevalidating security aspectsof user interface applications, REST service infrastructure, Health monitoring daemons, custom Linux shell, License management, User management/role-basedaccess control,Security scans, Compliance, Common Criteria, Product hardening, Follow STIG and SRG standards. SNMP support, 3rd partyproduct integration solutions, messaging middleware and databases for configuration, monitoring and reporting.Upgrade of Distro packages. Adhering to OWASP/VAPT/ NIST/FIPS/Federal/Compliance standards.Role overviewPrimary tasks will involve overall security of product. For every project, writing Securitystrategy, test plan, test executionfor Security, reporting and process improvement. Analyze customer found issues and put improvement plan. Automation and regression run. Security coverage on RBAC, Encryption, Ciphers, Protocol, LDAP, Single Sign On, Openssh/SSL, Authorization, Authentication, Accounting. Threat modeling, STIG/ SRG and CVE/CVSS analysis. Security Scan tools, Certificate management.Work on Customer escalation, Product security office CVE updates on the product line.Certifying product forFips, Common criteria, Cryptolibrary,Governance.Score card analysis. Pen testing skills with OWASP.Key Responsibilities:

• Able to take accountability of security of overall product articulatetest strategy for minor and major releases.

• Find security vulnerabilities early in release cycle. Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Able to automate scans, triage and recommendation and reduce manual effort
• Experience in system security engineer or information security engineer, Scan tools like Burpsuite, Nessus Qualys, Malware, Rootkit, Web-scan, Black-duck, twistlockrunning on all virtual environment.
• Knowledge of database and operating system securityexperience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, data encryption, etc. AWS/Azurelikecloud platform as a service (PaaS) security.
• Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols

• Constantly upgrade yourself with latest methods to test products from security dimension.
• Provide solutions to a variety of problems of moderate scopeand complexity. Use tools appropriately with technical guidance and complete tasks and assignments under normal supervision.
• CVE analysis, SLES, RHEL database analysis, 3rdparty component knowledge, Static and Dynamic code analysis. Strong knowledge of container and dockers.

Essential Requirements:

• Academic:

• Bachelor s degree 8+years experience in Computer Science or related field(Security)
• Master s degree 6+years experiencein Computer Science or related field(Security)

• Working experience in Security domain and mastery of tools for scanning.
• Advanced Automation experience in Python& necessary librariesto beable to automate,run scans, analyze results,and recommend priority/severity/impact.Reduce manual and repeatwork to near zero.

• Experience in Storage, Filesystem, Data protection and/or Backup & Recovery software security.
• Must have excellent communication skills, both verbal and written.
• Must be a team player who likes to work in a high energy Agile atmosphere
• Any of the following certification adds advantage.
• Certified Information Systems Security Professional (CISSP)

• CISA Certified Information Systems Auditor (CISA)
• CEH Certified Ethical Hacker (CEH)or Masters.
• CISM Certified Information Security Manager (CISM)
• ISSAP Information Systems Security Architecture Professional (ISSAP)
• ISSEP Information Systems Security Engineering Professional (ISSEP)

,

Keyskills :
javalinuxjavascriptframeworkcertified information security managercertified ethical hackerdata domainfile systemweb serviceslog managementsecurity toolscommon criteriathreat modelingcomputer sciencesecurity systemscustomer centricequipme