Lead Security Engineer

Boston, MA, United States

Description:

The Lead Security Engineer will build and lead a team of application security experts in Security Innovation's Boston Headquarters. This position will report directly to the Director of Security Services and assist with customer sales while focusing primarily on billable projects. Their team will assesses the security of software systems for Security Innovation's global client base of technology vendors and enterprise IT organizations. The successful candidate will possess strong leadership skills, a background leading a team of security engineers, a deep understanding of application security and the ability to build a team of security experts.

The candidate will be an expert in application security design and code review, application security testing and application security research. The ideal candidate has a strong involvement in the software security community and is passionate about software and security while at work and on personal time.

The candidate will be expected to lead the team, assist with customer sales, while still focusing at least 50% of their time on billable, customer facing projects.

A successful candidate will be well versed and capable in the following areas:

  • Strong communication, leadership and personal skills
  • Ability to speak clearly to customers and clients in a trusted, clear way
  • Application penetration testing
  • Manual and/or automated code analysis
  • Strong development skills
  • Deep security research background
  • Experienced with customer technology assessment and security risk analysis

Responsibilities:

  • Lead a team of security engineers in Security Innovation's Boston office
  • Work closely with other application security engineers to perform reviews and tests on Web and Conventional applications as well as embedded, firmware, mobile and more
  • Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications
  • Create threat models that result in more secure application design
  • Design and develop security testing scenarios
  • Analyze and present results of testing to team members, managers and customers
  • Write detailed problem reports, test plans documents and mitigation recommendations as needed
  • Develop tools to aid penetration test automation and effectiveness
  • Review code for common security vulnerabilities

Qualifications:

  • Minimum 5 years' experience in the field of application security
  • Minimum 2 years' experience leading a successful team in the industry
  • B.S. Degree in Computer Science or equivalent experience
  • Strong knowledge of application design, development and testing techniques
  • Knowledge of specific attack types and common security bug categories
  • Knowledge of a variety of programming languages (C/C++, Java/J2EE, .NET, ASM)
  • Strong capacity for debugging application and security issues
  • Thorough knowledge of the Windows OS (XP, NT, Win2K etc.) and/or Linux and Unix variants