Linux Security Specialist

Cloud Big Data Technologies

Manhattan, NY, US

18 May 2024

The position provides Linux application security expertise across a wide variety of areas, including secure software development practices within the SDLC, security configuration management, and Windows application architecture in a cloud. The role also focuses on working with development and engineering teams, which includes conducting Linux application security reviews and application security tests (web, mobile, web service, and databases). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools such as AppScan, WebInspect, Burp Suite Professional and/or code review tools such as HP Fortify, Ounce Labs or Checkmarx.
These job functions require writing a formal security assessment report for each application, presenting the findings and recommendations in a standard reporting format. This applies to both application assessments and code reviews. Based on common issues or gaps that are identified, this role will write up enhanced policies and procedures to address these areas of risk.
This role is part of a team composed of developers, QA testers, Linux administrators, network security, and security architecture. There will also be regular interaction with other IT and business operations teams. It is important to be able to present Linux application security information in terms that business leaders can understand and use.

Requirements

Education: Bachelor's degree (B.S.) in Computer Science or a related field
Experience: Must have a minimum of 8 to 12 years of Linux experience, including security experience for large Global Enterprise networks.

Required Skills: Must have previous and/or current up-the-ranks Linux development experience in some of the following languages and technologies: C++, Java, C#, PHP, Perl, Python, AJAX, MySQL, SOAP, REST, custom APIs, or SAML.
Requires Linux applications security architecture experience with a good understanding of threat modeling, security patterns and security methodologies (e.g. OSSTMM).
Relevant professional qualifications / certifications such as RHCSA, RHCE, RHCVA, RHCSS, RHCA, LPIC-2, LPIC-3, GCUX
Knowledge of OWASP tools and methodologies
Understanding of HTTP and web programming
Good understanding of Information Security standards, frameworks and best practices (e.g. OWASP, ITIL, CoBIT).
Good understanding and awareness of documentation required as part of the secure software development lifecycle.
Excellent communication skills (written and verbal) and able to articulate key messages to a range of audiences.

Preferred Skills:

Relevant professional qualifications / certifications: SSCP, SANS, CEH, CHECK, CREST.
Previous professional services consulting experience

Essential Functions
Provide enterprise software development support for a test-driven approach, continuous integration, and Agile development practices on Red Hat Linux platforms.
Provide specific security expertise to development and engineering teams. Areas include database access, security testing, authentication methods, implementing encryption, and input validation.
Provide support using Visual Basic .NET, Visual C# .NET, Visual C++ .NET, Transact-SQL, VBScript, Jscript, Jscript .NET, XML, Visual J++. Also, C++, Java, C#, PHP, Perl, AJAX, SQL, SOAP, WCF, REST, custom APIs, or SAML.
Provide the ability to work with database teams working with SQL, SSIS, SSRS, and other SQL specific technologies.
Application integration into a cloud environment such as Azure and AWS.
Provide security testing for Linux applications.
Ability to quantify and communicate application vulnerabilities and explain identified risks to developers.
Ability to evaluate technical and functional specifications early within the SDLC, identifying possible vulnerabilities and risks.
Leverage knowledge of mobile and cloud applications and how to secure them
Provide expertise on authentication, entitlements, identity management, data leak prevention, data protection, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, etc.
Provide some expertise around code analysis software using such tools as Fortify, Ounce Labs, AppScan, WebInspect, or Burp as well as being able to communicate the how and the why of these types of tools.

Responsibilities and Additional Duties
Work with minimal supervision as an individual contributor
Work with a matrixed team(s) of security consultants and engineers toward successful project completion.

Equal Opportunity Employer

Cloud Big Data Technologies is an equal opportunity employer inclusive of female, minority, disability and veterans (M/F/D/V). Hiring, promotion, transfer, compensation, benefits, discipline, termination and all other employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity, age, disability, national origin, citizenship/immigration status, veteran status or any other protected status. Cloud Big Data Technologies will not make any posting or employment decision that does not comply with applicable laws relating to labor and employment, equal opportunity, employment eligibility requirements or related matters. Nor will Cloud Big Data Technologies require in a posting or otherwise U.S. citizenship or lawful permanent residency in the U.S. as a condition of employment except as necessary to comply with law, regulation, executive order, or federal, state, or local government contract.