Validity Sr. Security Engineer in Boston, Massachusetts
About the Role
Validity is looking for a senior application security engineer to join our security and privacy team. As our appsec expert, you will partner with our product development and web content teams to assess our code, applications, and sites, prioritize risks for remediation, and help us shift security left in our SDLC. You will lead our own third-party pen tests as well as manage client-initiated assessments, and will also lend a hand in day-to-day secops and privacy team operations. If you are smart, autonomous, friendly, and thrive in a fast-paced environment, we'd love to have you join us!
Validity's secops and privacy team is collaborative and cooperative, and is a strong business partner to all business units within Validity. We seek to build positive relationships while maturing and strengthening Validity's security and privacy posture.
Position Duties and Responsibilities
Provide expert-level security engineering knowledge through strong technical leadership & drive demonstrable improvement to operational practices, fortifying Validity's security posture.
Provide state of security posture & recommend solutions to provide better protection of information assets.
Analyze the current security and software architecture to identify weaknesses & develop opportunities for improvement.
Conduct security reviews & penetration testing of systems, source code, and applications.
Provide accurate & timely reporting on all project deliverables.
Provide skills training & coaching for Security Operations Team members on processes, procedures, & technologies.
Provide discovery, analysis & forensic documentation of security incidents as they occur within the Validity systems.
Work with various IT & Engineering functional groups to ensure end-to-end system security regarding data exchange between systems both internal & external & reduce unnecessary risk to the organization.
Research & implement emerging security technologies for their application in the Validity computing environment.
Assess standard operating system configurations & management practices implemented to protect Validity data.
Provide practical security best-practice guidance to Validity.
Assist in the development of disaster recovery plans and business continuity exercises.
Other duties logically associated with the position (ex: working with third parties on their technical assessments of our systems and applications, supporting internal customers with general security questions, etc.)
Required Experience, Skills, and Education
7+ years' experience in Information Security Engineering, in a technical capacity.
Must have the ability to work effectively with all levels of staff (both technical and non-technical), possess excellent oral & written communications skills, demonstrated leadership, problem-solving, planning, & organizational skills.
Experience with penetration testing web-based SaaS applications and systems operating out of Cloud infrastructure (AWS, Azure, etc).
Knowledge of application-level attacks and mitigation methods, with a thorough understanding of OWASP top 10.
Knowledge of Windows, Linux, & Mac OSX operating systems, IP networking, security scanners, industry best-practices, & related security topics.
Knowledge of network-based & system-level attacks & mitigation methods & related networking hardware - routers, switches, wireless networks, load balancers, VPN, etc.
Knowledge of DAST and SAST systems.
Ability to demonstrate experience in performing security design, build, implementation, & support for Information Security infrastructure in an enterprise-level environment.
CEH, eCPPT, eWPT, GWAPT, OSCP, or equivalent experience.
Preferred Experience, Skills, and Education
BS, MS in Computer Science or equivalent experience
CISSP, CISM, or CSSP
Experience with Qualys and Checkmarx
Basic knowledge of PHP, Python, and Ruby
Experience working with compliance & regulatory program requirements.
Familiarity with email marketing and/or customer relationship management (CRM) platforms is a plus.
For over 20 years, tens of thousands of organizations across the world have relied on Validity solutions to target, contact, engage, and retain customers - using trustworthy data as a key advantage. Validity's flagship products - DemandTools, BriteVerify, Return Path, Trust Assessments, and GridBuddy - are all highly rated, #1 solutions for sales and marketing professionals. These solutions deliver smarter email campaigns, more qualified leads, more productive sales, and ultimately faster growth.
Validity is a truly unique company - massive revenue growth, top-tier investors, 5-star product ratings, proven ability to acquire and integrate top tech companies and welcome them into the Validity family, winning culture, and a work environment that fosters hard work, trust, and fun.
Headquartered in Boston, Validity has offices in Tampa, Denver, Indianapolis, London, and Sydney. For more information, visit connect with us on LinkedIn, Instagram, and Twitter.
Validity is proud to be an equal opportunity employer. We are committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or veteran status.