Full Stack Security Engineer (Hands on development, OWASP, DAST, SAST) / Scottsdale, AZ ,10 Months C
Apply NowCompany: Suncap Technology, Inc.
Location: Scottsdale, AZ 85254
Description:
Looking for a Senior Full Stack Security Engineer who is passionate about designing and building secure platforms and applications. The ideal candidate will feel comfortable working with both front-end and back-end application developers, as well as in building, automating and securing on-premise as well as cloud based applications, preferably on the Google Cloud Platform(GCP).
Minimum of 5+ years of total IT related experience.
3+ years implementing/utilizing Federal, Industry and Open Source Security Guidance and Secure Coding Practices (OWASP Top 10, SANS, CERT, CWE Top 25, Critical Security Controls, Cloud Security Alliance, SafeCode etc.)
3+ years with both compiled and interpreted languages such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere App server, Oracle JBoss, .NET stacks
3+ years with networking, infrastructure, secure application development and security automation (DevSecOps).
3+ years of hands on knowledge building and deploying secure complex distributed web and mobile applications.
The selected candidate will be working with a strong team to help transform the way systems are built, secured, authorized and securely operated for continuous compliance and risk mitigation. Specifically, this candidate will help lead efforts to implement security patterns and practices with orchestration and automation tools that automate the secure configuration, verification, compliance and authorization of systems. They will be a key member of a team tasked with maturing the organization's software development and security practices.
- Familiarity with the chrome/Firefox/Internet explorer Development tools to see the request/repones headers
- Basic understanding of Http Request/Response headers for web and Restful api calls
- bility to explain in detail any of the OWASP top 10 vulnerabilities
- Cross Site scripting , Injection attacks , SSRF,CSRF, XML entity etcc.
- Basics of API Security
- JWT
- OAUTH/OIDC/PKCE
- PI replay attacks
- Familiarity of any Java/Spring boot questions.
- High-level understanding of containers ,specifically how to create and deploy docker image in any cloud environment
- Familiarity with NodeJS any questions
- Familiarity with any Security scanning tools (SAST,DAST,SCM,Container/Cloud)
- Nice to have cloud development experience ( Google Cloud/ AWS )
Minimum of 5+ years of total IT related experience.
3+ years implementing/utilizing Federal, Industry and Open Source Security Guidance and Secure Coding Practices (OWASP Top 10, SANS, CERT, CWE Top 25, Critical Security Controls, Cloud Security Alliance, SafeCode etc.)
3+ years with both compiled and interpreted languages such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere App server, Oracle JBoss, .NET stacks
3+ years with networking, infrastructure, secure application development and security automation (DevSecOps).
3+ years of hands on knowledge building and deploying secure complex distributed web and mobile applications.
The selected candidate will be working with a strong team to help transform the way systems are built, secured, authorized and securely operated for continuous compliance and risk mitigation. Specifically, this candidate will help lead efforts to implement security patterns and practices with orchestration and automation tools that automate the secure configuration, verification, compliance and authorization of systems. They will be a key member of a team tasked with maturing the organization's software development and security practices.