MathWorks Security Quality Engineer in Natick, Massachusetts
Security Quality Engineer
Working under the direction of the Manager or Senior Team Lead, will be responsible for designing and developing sophisticated testing software to support application security; developing software testing applications to address security requirements during all aspects of the MathWorks application development process; applying security testing methodologies to perform product security testing including penetration testing, threat modeling, vulnerability assessment, and security feature validation; developing test infrastructure and tooling; authoring automated tests to detect security bugs; developing development security standards, influencing projects during all phases of the software development life cycle (SDLC), using application vulnerability assessment tools, and performing secure code reviews; providing security insight during the design, development, test, and release of MathWorks core products; adhering to application security standards; performing application vulnerability assessments; conducting web application security scans, analyzing the results for false positives, prioritizing vulnerabilities, and researching and proposing remediation steps; participating in application design and architecture reviews; and advocating for security requirements during all phases of the SDLC.
Education and Experience:
Master’s degree or higher (or foreign education equivalent) in Engineering, Computer Science, Information Technology and Management, Information Security, or Information Assurance and no experience.
Bachelor’s degree (or foreign education equivalent) in Engineering, Computer Science, Information Technology and Management, Information Security, or Information Assurance and five (5) years of experience in job offered or five (5) years of experience assessing and testing software security.
Demonstrated expertise performing web application security assessments using AppScan, Veracode, OWASP ZAP, or Burp Suite.
Demonstrated expertise enhancing software application security using Python scripting and component analysis security tools (JFrog Xray, Black Duck, OWASP Dependency Check, or Snyk); performing version control and continuous integration; and in software configuration management and version control system management including analysis and implementation of branching strategies using Git, Perforce, or SVN.
Demonstrated expertise troubleshooting security policies for application reverse proxies using F5, NGINX, or Fiddler; and designing security standards and fixing security vulnerabilities during all phases of the SDLC.
[Expertise may be gained during Graduate program.]