Fortify Security Engineer
New York City, NY
6 month Contract
Client will pay for flights, hotel and meals for the full term of the contract.
The Senior Application Security Engineer is responsible for promoting, designing, and evaluating application security in all phases of the application life cycle. The candidate shall ensure that appropriate and effective secure coding techniques and solutions are identified, implemented, and used.
- the principles and processes related to the SafeCode security framework
- software architecture security guidance, including developing application threat models and methodically protecting against business logic and design flaws that could introduce security vulnerabilities.
- secure coding recommendations in a variety of programming languages including Java/J2EE and/or C#/ASP/.NET
- the planning and execution of the application security testing and evaluation program with possibility to mentor peer team members
- Advise and consult internal clients on appropriate application of security practices and existing security services to solve problems or enable new business
- software vulnerabilities to both technical and non-technical audiences
- the HPE Fortify product suite
- Plan and integrate HPE Fortify Static Code Analyzer (SCA) into project team’s
- knowledge of the following tools and processes:
- Audit Workbench - must be able to update security content, scan Java projects, scan complex projects, analyze scan results using the issues panel, set filters and filter sets, view suppressed, removed and hidden
- advice and guidance on how to remediate security vulnerabilities in a variety of programming languages
- detailed security recommendations for the secure development of systems
- customer resources in secure development techniques using HPE Fortify and
- set up Key Performance Metrics and reports in HPE Fortify Software
- Security Assessment: Evaluate applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques specifically for HP Fortify SSC. Write HP Fortify rules.
- Security Control Development: Provide expert guidance to developers on the appropriate selection and implementation of relevant application security
- Awareness Training: Design, develop and deliver presentations focused on raising awareness for crucial security relevant considerations and defensive programming techniques.
- Serve as subject matter expert on application and information security technologies
- Create documentation related to specific security topics, as required
- or more years of C++ programming experience
- Two (2) or more years in software engineering and development with emphasis on the delivery of secure, Internet-exposed, multi-tier, web-based systems using Java/J2EE and/or C#/ASP/.NET (experience with both a plus).
- experience evaluating the security of applications using both manual and automated techniques. Relevant tool experience should include code security scanners such as Fortify SSC, CheckMarx, VeraCode, IBM Rational
- mentoring and leading small teams and demonstrated responsibility for managing security assessments for a portfolio of applications.
- written and verbal communication skills. Specific relevant experience may include technical reports (especially application security assessment reports), technical whitepapers, presentation development and delivery (for both technical and business audiences), technical training, etc.
- should have experience making and defending sound technical arguments that incorporate relevant technical and business considerations, and building consensus among stakeholders.
- experience in implementing DevSecOps (enabling security in DevOps).
- patterns and coding standards for secure software.
- with one or more of the following: Microsoft Visual Studio, Eclipse, WebSphere Application Developer
- of one of the following certifications: CSSLP, CISSP, CISM, CEH or similar cybersecurity certification. Preference will be given to CSSLP.