AT&T Senior Security Engineer (Government) in Washington, District of Columbia

AT&T’s Government Customer is looking for a resource to provide software security engineering assurance and support by reviewing the design of new and existing systems and conducting code reviews. Security reviews will result in detailed recommendations for architecture changes and configurations, as well as software vulnerability remediation advice. Advises system owners, software development teams, administrators, project managers and other stakeholders on best practices for designing secure systems and software assurance. Participates in design reviews and project meetings, and provides input to the change control process. Prior job titles in resume may include: Software Quality Engineer, Software Security Assurance Engineer, or Code Review Specialist.

Key tasks include:

  • Reviewing security architectures, firewall configurations, IDS/IPS, and security controls for new and proposed systems

  • Architect, design, implement, support, and evaluate security-focused tools and services including project leadership roles

  • Providing software vulnerability remediation advice to software developers and software development teams.

  • Implementing static security testing tools within Continuous Integration systems

  • Experience creating secure online applications during one or more phases of the SDLC including requirements, design, development, and pre and post deployment testing.

  • Experience developing APIs

  • Test and evaluate products in a lab environment

  • Provide input into the development of security policies and procedures

  • Provide detailed security recommendations for the secure development of systems

  • Create, test and optimize Web Application Firewall (WAF) profiles

  • Evaluate and recommend new and emerging security products and technologies

  • Provide security operations support as needed

  • Participate in projects that develop new intellectual property

  • Evangelize security within the organization and be an advocate for customer trust

  • Bachelor’s or equivalent and 8-10 years of professional IT experience

  • Excellent written and verbal communication skills

  • Excellent leadership skills and teamwork skills

  • Results oriented, high energy, self-motivated

  • At least 3 years of hands-on experience with virtualization, system, network and/or application security

  • Knowledge of firewalls, IDS/IPS, intrusion detection, VLANs, routing and other network security technologies

  • Knowledge of virtualization technologies including virtual firewalls, networking and segmentation

  • Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols)

Commonly used tools would generally include one or more of the following:

  • Static code review tools such as: Fortify, AppScan, Veracode, Coverity, Parasoft, WhiteHat Sentinel Source, Checkmarx, Trustwave, Qualys, PortSwigger, NT OBJECTives, N-Stalker, Acunetix, Virtual Forge, Trend Micro, Quotium, Appthority, Contrast Security, Pradeo, Klocwork, GrammaTech, Armorize Technologies

  • Experience using or integrating with Jenkins, Bamboo, Jira, Bugzilla, Visual Studio, Eclipse, IntelliJ, Maven

  • Knowledge of OWASP Top 10, CWE/SANS Top 25, MISRA, CERT Secure Coding Initiative, SAMATE, FDA Software Validation, Ellemtel, or NIST Software Security

  • Advanced software application development skills in one or more of the following: Java, .NET, C, C#, C++, Python, JavaScript

Required Clearance: Ability to obtain Public Trust Clearance if required. Government fingerprint and background check required.

US Citizenship or Permanent Resident Status.

AT&T is an Affirmative Action/Equal Opportunity Employer and we are committed to hiring a diverse and talented workforce. EOE/AA/M/F/D/V