Product Security Engineer
Company: EMC is now part of Dell Technologies
Posted: September 28, 2016
Reference ID: 170871BR
This position is part of the Product Security team. The Product Security team ensures consistent product security adoption across EMC. It also conducts security training for Engineering and it implements the Security Development Lifecycle across engineering groups to ensure they deliver secure products.. Finally, the Product Security team manages EMC’s responses to product security vulnerabilities.
Not only does the team help EMC to deliver secure information infrastructure offerings to customers, but it also supports EMC’s security thought leadership position. The members of the Product Security team are committed to raising visibility in the marketplace for VCE Security solutions, and they work daily to tighten the association of security with the overall EMC brand.
PRINCIPAL DUTIES AND RESPONSIBILITIES
+ Act as a technical resource for the EMC Security Response Center
+ Perform analysis on the vulnerability reports as submitted by the finder (customers, third party security researchers and research organizations) and work with engineering organizations to verify the existence of the vulnerability
+ Must be able to communicate the nature and severity of the vulnerability and work with the various engineering organizations to determine the impact on VCE product(s)
+ Provide technical subject matter expertise to engineering organizations on common application security vulnerabilities, how to prevent them and how to test for them
+ Assist the engineering organizations in interpreting the results of penetration testing and vulnerability scanning tools such as Nessus, Cenzic, Qualys, WebInspect
+ Monitor vulnerability alerts from various resources like Bugtraq, CERT, US-CERT and vendor specific security bulletins on a daily basis and assess relevance of these to VCE products
+ Manage technical communication with security researchers and research organizations during lifecycle of vulnerability response
+ Apply industry standards like Common Vulnerability Scoring System (CVSS) for assessing the severity of security vulnerabilities and Common Vulnerabilities and Exposures (CVE) for responding to publicly known security vulnerabilities
+ Produce technical reports by mapping EMC product vulnerabilities to Common Weakness Enumeration (CWE) and industry resources such as OWASP Top 10, CWE/SANS TOP 25 Most Dangerous Software Errors etc.
+ Monitor industry trends on vulnerabilities and communicate these to EMC engineering organizations
+ Publish technical root cause analysis on EMC product vulnerabilities and coordinate with internal resources to create a technical position statement on these for EMC engineering organization consumption
+ Perform technical reviews of security advisories and other type of communication deliverables related to vulnerability disclosure and remediation
+ Broad knowledge of all aspects of information security
+ Experience in application security and/or security incident response is preferred
+ Ability to work in a high-pressure environment
+ Ability to prioritize tasks and deliverables
+ Cross-Functional skill
+ Consultative skills
+ Possesses strong product/technology/industry knowledgeResults driven
+ Education Required: Bachelors (Tech) or equivalent
+ Experience Required: 2-3 Years
When you choose our company, you join a diverse world of innovative thought leaders. At our core is a commitment to workplace diversity, the sustainability of our planet, and community corporate involvement. We offer highly competitive salaries, bonus programs, world-class benefits, and unparalleled growth and development opportunities-all to create a compelling and rewarding work environment.
We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), sexual orientation, gender identity and/or expression, national origin, protected veteran status, disability, genetics, or citizenship status (when otherwise legally authorized to work) and will not be discriminated against on the basis of such characteristics or any other status protected by the laws or regulations in the locations where we operate. We encourage applicants of all ages.
**Critical Hiring Criteria:**
Engineering - Software
211 - VCE
US - North Carolina - Research Triangle Park, US - Texas - Richardson