Product Security Engineer

Company: NSS
Location: Virginia Beach
Posted on: April 28, 2024

Job Description:

We are working on a project that tackles the problem of managing large-scale IT networks. We are seeking talented and highly motivated engineers to join us in bringing this project to a larger audience. You would be responsible for helping to create, evolve, document, and implement security development and deployment practices for a product that's delivered both on-premises as well as to the cloud.

Our product is a .NET Core application (with some TypeScript and Python components backed primarily by PostgreSQL, that serves both a web frontend and REST API. The application source is hosted in GitLab, and we use merge requests and GitLab CI to manage our code contribution workflows.
Things we really need

• Experience maintaining a secure software supply chain (monitoring for CVEs, creating SBOMs, etc.)
• Experience evaluating security best practices and applying them to processes and assets
• Experience reviewing code and architecture to identify potential security issues
• Experience writing internal documentation around security evaluations and decisions
• Experience with security monitoring infrastructure (log analysis, web application firewalls) Things we want too
  • Familiarity with writing infrastructural code in support of security goals (abstractions, constraints, etc.)
  • Familiarity with working with developers to help them learn and self-apply secure development principals
  • Familiarity with government/industry security auditing processes
  • Specific familiarity with web security concepts and best practices (TLS/HTTPS, common web vulnerabilities, federated authentication, etc.) Things that are extra cool
    • Specific familiarity with government programs pertaining to secure application development (STIGs, APL, NIAP)
    • Specific experience with the Microsoft web application development stack (C#, .NET, ASP.NET)
    • Specific experience with AWS security tooling
    • Experience with static application security analysis tools Our end of the bargain
      • Remote-first environment (if that's your thing)
      • Dedicated collaborative office space in NoVA (if that's your thing)
      • We respect work/life balance
      • Occasional on-site team summits
      • Competitive salary and annual reviews Our perfect candidate in summary: Someone currently working within product security but has a background in software development, preferably .Net

Keywords: NSS, Virginia Beach , Product Security Engineer, Engineering , Virginia Beach, Virginia