Senior Security Engineer- AVP -(Remote / Hybrid)

The Senior Security Engineer is a significant technical contributor to the effort of maintaining and enhancing the security verification program at the Charles River Development. The security program encompasses vulnerability identification, tracking, risk assessment and scoring (via CVSS), vulnerability remediation management, software design review, technology security gap analysis, secure code review and threat modeling.

The role requires comprehensive knowledge of security attack vectors from the operating system through the application layer and persistent layer and related defensive controls for preventing, detecting, and mitigating attacks in both on premise and public cloud scenarios.

The Senior Security Engineer will work with the security team members to strength the overall security standing for the Charles River products. In addition, this role will work very closely with various teams and stakeholders to execute the security policies, procedures and best practices.

Responsibilities

• Have comprehensive skills to identify and to exploit common vulnerabilities.
• Know the industrial security best practices. Master of key security controls to remediate the common vulnerabilities.
• Fully understand Charles River product software development lifecycle (SDLC), and CI/CD pipeline. Work under minimal supervision to secure the whole SDLC.
• Conducting threat modeling exercises for a defined scope.
• Establish or recommend design and implementation patterns for the development team to use.
• Assist in design of security features such as authentication and authorization, data protection.
• Perform security code reviews and identify implementations that will lead to security vulnerabilities.
• Work with subject matter experts to develop vulnerability remediation action plans and drive implementation.
• Employ common security testing tools to verify security vulnerabilities.
• Conduct security impact analysis and triage vulnerability findings through industry standard threat scoring practices (CVSS).
• Participate in security incident investigations and remediation actions.
• Deliver security awareness training. Provide security training to the development organization on a periodic basis.
• Mentor and coach junior team members and other engineers to understand vulnerabilities and provide guidance on remediations.
• Keep apprised of new offensive threats and the defensive technologies to defeat or mitigate attacks. Monitor the software industry for vulnerabilities that could affect Charles River products.

Education

• B.S. degree (or foreign education equivalent) in Computer Science, Engineering, Mathematics, and Physics or other technical course of study required. MS degree strongly preferred.

Qualifications/Experience

• A minimum of 5+ years of progressively responsible experience as software engineer, with at least 3+ years of focus on secure SDLC is required.
• Demonstrated knowledge of common vulnerabilities and corresponding remediation approaches.
• Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
• Be able to perform threat modeling or use existing threat model outputs to derive security testing plans.
• In-depth knowledge of at least one programming language, including Java, C#, JavaScript, etc.
• Knowledge of existing and emerging cryptography and cryptographic standards.
• Strong analytical and problem-solving skills.
• Strong written and verbal communication skills.
• Professional security or cloud certifications are highly desirable, including but not limited to CISSP, CCSP, CEH.

About State Street

What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we’re making our mark on the financial services industry. For more than two centuries, we’ve been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.

Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance and savings plans, among other perks. You’ll have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.

Inclusion, Diversity and Social Responsibility. We truly believe our employees’ diverse backgrounds, experiences and perspectives are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift programs and access to employee networks that help you stay connected to what matters to you.

State Street is an equal opportunity and affirmative action employer.

Job ID: R-720304