Responsible for analyzing, designing, debugging and/or modifying software; or evaluating, developing, modifying and coding software programs to support programming needs. Maintain and enhance existing code with focus on implementation. Collaborate with and assist team of engineers in writing functional, design and user interface specifications. Follow software lifecycle process when developing software. Help identify solutions to problems encountered in software cycle. Review and define requirements for information security solutions. Consult with internal teams to assist in design, threat modeling and reviewing security critical code. Conduct periodic penetration test of internal applications with several millions lines of code. Plan, build and deploy infrastructure to help our engineers detect and remediation of vulnerabilities automatically. Work with external vendors to support 3rd party security reviews. Participate in design, implementation and administration of security tools to reduce risk. Focus on tools like Coverity, Blackduck, bullseye, Trustwave appscanner for continuous security and also be evaluating more tools to replace, enhance or complement existing tool sets. Manage penetration test programs to deliver high security standards in product release cycle. Employer will accept Master’s degree in Computer Science, Engineering or related technical field, and 2 years work experience in job offered or in a computer-related occupation. Alternatively, Employer will accept Bachelor’s degree in Computer Science, Engineering or related technical field, and five years of work experience in job offered or in a computer-related occupation. Any suitable combination of education, experience or training is acceptable. Position requires one year experience in the following (3 years if have Bachelor’s): 1. Application penetration tests for products covering all types of application (web application, web services, mobile applications, thick client applications, Cloud)- 2. Security solutions and security tools automation. 3. Penetration testing tools such as BackTrack, NeXpose, vulnerability scanners, tcpdump, and/or wireshark, Nmap, Nessus, Peach Fuzzer, web proxy tools Paros/ Web Scarab/ Burp suite. 4. Debugging and fuzzing applications using a variety of techniques. 5. Source code and architecture review 6. Web frameworks such as XML, SOAP, JSON and AJAX 7. cryptography principles. 8. Deliver high quality reporting on and providing fixes to identified vulnerabilities at the code level (developer friendly) 9. OWASP and other software security best practices 10. Scripting languages as bash, Perl, Python, or Ruby 11. Application development background and security knowledge (C, C#, C++, Java, J2EE) 12. TCP/IP, HTTP/HTTPS, FTP protocols.