Security Engineering Specialist III

What you'll be doing...

You would be part of the Security Maven team in Verizon Consumer Group (VCG) and would be playing the role of Security Engineering-III in the VCG portfolio. This is a team of high performing Security Mavens to provide strategic direction, technical solutions to refine and implement Security Engineering Practices - aimed at mitigating fraud and security threats across all endpoints and architectures deployed across VCG portfolio.

• Working closely with VCG Application Development, App Security teams and other Key stakeholders in strategizing Security Engineering Practices and mitigating the Security Vulnerabilities.
• Supporting customers with major platform issues and coordinating triage efforts to solve them.
• Documenting and maintaining architectural guidance to ensure performance and scalability of the platform.
• Adhering to industry standards and best practices and understanding emerging technologies and trends to continuously improve the systems, application, infrastructure, and processes.

Where you'll be working...

This hybrid role will have a defined work location that includes work from home and assigned office days as set by the manager.

What we're looking for...

Application Security Skills:

• Secure Coding Practices: Deep understanding of secure coding principles and common vulnerabilities (OWASP Top 10, SANS 25) in various languages (e.g., Java, Python, .NET, JavaScript).
• SAST/DAST/IAST Expertise: Proficiency in using and interpreting results from Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and ideally Interactive Application Security Testing (IAST) tools.
• Open Source Software (OSS) Security: Knowledge of common OSS vulnerabilities, license compliance issues, and tools for managing OSS risks.
• Threat Modeling: Ability to perform threat modeling exercises to identify potential security weaknesses in application architectures and designs.
• Cloud Security (for Cloud-Native Apps): Familiarity with cloud security concepts, including secure configuration of cloud services (e.g., AWS, Azure, GCP), identity and access management (IAM), and cloud-native security tools.
• Logging and Monitoring: Experience with implementing and analyzing security logs, setting up security information and event management (SIEM) systems, and using intrusion detection/prevention systems (IDS/IPS).
• DevSecOps Practices: Understanding of integrating security into the software development lifecycle (SDLC) using DevSecOps methodologies and tools.

Platform Security Skills:

• Cloud Security: Strong knowledge of cloud security best practices, including securing cloud infrastructure (compute, storage, network), managing cloud access, and implementing security monitoring in cloud environments.
• Container Security: Expertise in securing containerized applications and their underlying infrastructure (e.g., Docker, Kubernetes), including image scanning, runtime security, and container orchestration security.
• Vulnerability Management: Proficiency in using vulnerability scanning tools (like Tenable) for both network and application layers, prioritizing vulnerabilities, and coordinating remediation efforts.
• Hardware Security: Understanding of hardware security concepts, including firmware security, hardware-based encryption, and physical security measures.
• Incident Response: Experience with incident response processes, including detection, containment, eradication, and recovery, as well as post-incident analysis.

Additional Important Skills:

• Automation and Scripting: Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automating security tasks and integrating security tools.
• Communication and Collaboration: Excellent communication skills to effectively convey security findings to technical and non-technical audiences and collaborate with development and operations teams.
• Problem-Solving and Analytical Skills: Strong analytical and problem-solving abilities to investigate security issues, identify root causes, and develop effective solutions.

You'll need to have:

• Bachelor's degree or four or more years of work experience.
• Four or more years of relevant work experience.
• Deep understanding of secure coding principles and common vulnerabilities (OWASP Top 10, SANS 25) in various languages (e.g., Java, Python, .NET, JavaScript).
• Strong hands-on experience in SAST/DAST/IAST/OSS to join our growing security team. You will play a key role in ensuring the security of our applications and infrastructure through the implementation and management of various security testing methodologies
• Strong knowledge of cloud security best practices, including securing cloud infrastructure (compute, storage, network), managing cloud access, and implementing security monitoring in cloud environments.
• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automating security tasks and integrating security tools.

Even better if you have one or more of the following:

• Master's Degree.
• Advanced Professional Security Certifications in Security Engineering, Defensive Operations, and Security Analysis like CEH,ECSA, etc.
• One year of experience in threat modeling practices into the Software Development Lifecycle.
• Two years of applied knowledge of Splunk, SPL and anomaly detection and visualization development.