Staff Engineer - Product Security - Code Review, OWASP, Vulnerability, DevSecOps Job in VMware
- Pune, Pune Division, Maharashtra
- Not Disclosed
- Full-time
Job Description
Business Summary
VMware is the leader in virtualization and cloud infrastructure solutions that enable our more than 350,000 enterprise and SMB customers to thrive in the Cloud Era. A pioneer in the use of virtualization and automation technologies, VMware simplifies IT complexity across the entire data center to the virtual workplace, empowering customers with solutions in the software-defined data center to hybrid cloud computing and the mobile workspace.
Our team of 20,000+ people working in 50+ locations worldwide is committed to building a community where outstanding people want to work long term by living our values of passion, innovation, execution, collaboration, active learning and giving back. If you are ready to accelerate, innovate and lead, join us as we challenge constraints and tackle problems for tomorrow, today.
VMware Carbon Black Cloud is a next-generation security service to protect applications and data running on virtualized and cloud infrastructure. We are fundamentally changing how organizations are securing their critical applications and data in both the private and public cloud. With 6000+ customers, we are a leading next-generation product providing NGAV and EDR solutions.
Roles and Responsibilities
- As an Application Security Architect within the VMware Carbon Black Security Business Unit, you will engage with engineering architects across Carbon Black to perform threat modeling and security reviews of architecture, design, code and open source vulnerabilities throughout the SDLC process.
- You will work with engineering architects to provide mitigation and potential remediation recommendations for security issues found from pen tests, static (SAST) and dynamic (DAST) code analysis, etc.
- You will provide technical inputs for security evaluations like SOC 2, GDPR, FIPS, Common Criteria and FedRAMP.
- You will clearly communicate the security plan, including the risks and controls in place, for key stakeholders and apprise senior management of the product security status.
Required Skills
- 12-15 years of demonstrated industry experience, spanning software development and application engineering, with at least 8 to 10 years of product security experience as an architect.
- Strong hands-on experience with full-stack security assessment, threat modeling, developing security solutions across the full spectrum of application technologies in an agile environment.
- Expertise in vulnerability analysis (e.g., design flaws, data-flow analysis etc.) and OWASP Top 10.
- Strong architecture skills in cloud technologies, especially AWS.
- Practical experience with creating a secure design process and DevSecOps-based CI/CD pipeline.
- Broad experience with 3rd-party tools for detecting external and internal security threats.
- Experience with CVE/NVD, NIST guidelines and exposure to other compliance frameworks like FIPS 140-2, Common Criteria and FedRAMP.
Required Soft Skills
- Ability to influence without authority.
- High enthusiasm in coaching, augmenting and developing the entire product team in secure practices.
- Excellent verbal and written communication skills.
Preferred Skills
- Security certifications like CISSP.
- Experience with programming in Java.
- Experience developing Product Security Policies and Procedures.
Fresher
2 - 4 Hires