**PERMANENT** Sr Product Security Specialist to Conduct thorough reviews of existing

Edmonton, Canada

Posted on: 2024-10-24
 

Job details

  Sector: Automotive
  Specialty: Service - Service attendant
  Schedule: To be determined
  Position type: Permanent
  Salary:
  Spoken language(s):
  Written language(s):

Job description

PERMANENT Sr Product Security Specialist to conduct thorough reviews of existing, new, and proposed products using a combination of source code, dynamic, and dependency scanners, supplemented by manual code reviews and security-focused architecture evaluations, for our large Fleet Management client.

Duration: PERMANENT

Location: Fully remote (working Eastern hours)

Responsibilities

 

  • Review existing/new/proposed products with a variety of source code, dynamic and dependency scanners, manual code reviews and security-based architecture reviews as required
  • Manually validate scanner findings by tracing source code across a variety of code bases (C#, .NET, Java, JS/TS/HTML, Swift, Kotlin, Python, C, firmware; not all required) and provide developer-level suggestions for code remediation.
  • Explain risk assessments at both the developer (technical) and management (non-technical) levels.
  • Write and maintain scripts/code (Bash and Python) to generate scan input packages, automate security scanner execution, and integrate scanners with CI pipelines, Google Cloud storage, and reporting mechanisms.
  • Update scanning scripts quickly, and refactor as needed.
  • Contribute to secure coding standards (involves developing secure coding training for current and future developers).
  • Perform technical writing of assessment reports and vulnerability descriptions for product owners and developers.
  • Look at the bigger picture and question whether the coverage is sufficient, and if not, make recommendations to address coverage gaps.
  • Follow through to prevent things from falling through the cracks. Prioritize work that benefits the team. Escalate issues in a timely manner.
  • Support Geotab global strategic initiatives.


MUST HAVES

 

  • 3-5 years of experience with security evaluation/analysis and security code reviews
  • Experience using source code, dynamic and dependency scanners (e.g. Veracode, Fortify, Sentinel, OWASP dependency, Netsparker, Qualys, etc.)
  • Can evaluate security tools, identify their strengths and weaknesses, and make recommendations about tools and configuration
  • Knowledge of programming languages (e.g. C, C#, .NET, Python, JavaScript/TypeScript); web service technologies (e.g. XML, JSON, SOAP, and REST); dependency package managers such as npm and NuGet, and how they are specified in code.
  • Ability to pick up new programming languages quickly.

Education

 

For any questions or comments, please contact our customer service at (514) 321-2888.