【Blackboard上海研发中心】-在线教育软件开发领军者招聘软件安全工程师
Software Security Engineer III, Security EngineeringThe Blackboard Learn Product Security Team is responsible for the security and availability of products offered by the Learn division including Blackboard Learn, Xythos, and ANGEL.
We are a collegial team looking for a Software Security Engineer with experience in building secure web applications to help ensure our web services, applications, and platform are designed and implemented to industry practices.
If you enjoy analyzing the security of applications and services, discovering and addressing security issues, collaborating with customers and employees worldwide, assessing designs against relevant security threats, this position will provide you with a challenging opportunity to learn and grow.
Bring your passion for learning, experimentation, and creative thinking!
Even if you don’t fit this description exactly, but you’ve got a great software development background having dealt with application security issues (like PCI compliance), please contact us too!
Key Responsibilities
Provide advice and consultancy on risk assessment, identification of relevant threats (threat modeling) and fixing vulnerabilities
Share architectural and technical guidance with product development team while maintaining a thorough understanding of products
Master a solid understanding of the security architecture of the Blackboard Learn product suite.
Investigate and respond to third-party reported security vulnerabilities.
Coordinate security testing, including definition of scope, coverage, and management of cross-functional remediation plans.
Perform manual penetration testing and verification of Web 2.0 applications
Leverage automated security tool results to support manual analysis.
Lead source code review using static analysis tools for critical areas of the application
Provide guidance on the design and correct implementation of planned security controls such as encryption, log management, and authentication.
Develop prototypes of security features in the application
Design security test cases for both dynamic and static analysis testing tools to broadly assess the application
Contribute to security policy, standards, and guidelines
Develop training materials for general security awareness and specific security engineering training
Scripting experience to contribute to security testing automation.
Basic Qualifications
Bachelor's Degree in Computer Science or related field
Programming experience in Java and JavaScript
Knowledge of security testing tools and methodologies.
Minimum of 4 years experience with any combinations of the following: penetration testing, automation, threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system and network security
Preferred Qualifications
Experience working collaboratively with engineers to provide design-level assessments of security risks and corresponding mitigating controls to ensure that privacy and security needs are met in user interface and technical design (security design reviews)
Experience performing security reviews on: RESTful web services, Java web applications, JSON, Server-side JavaScript (e.g. Node.js), jQuery
Familiarity with Blackboard Learn products
Technical knowledge in web server, application server, operating system and network security
Exhibit a proactive, solutions based and resourceful approach
Experience building scalable infrastructure software or distributed systems
Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid "analysis paralysis")
Strong sense of ownership, urgency, and drive
Sharp analytical abilities and proven design skills
工作地点: 浦东南路588号浦发大厦27楼
交通: 地铁二号线东昌路站
页:
[1]