This job has expired, please see additional jobs below
Sr. Software Security Engineer
Autodesk
Singapore, Singapore
Job Details
Description:
• Thorough knowledge of the Secure SDLC
• Diagnose Fortify\Checkmarx false positives through reverse engineering
• Drive manual code reviews for languages such as Java\PHP\Python\Node.js\Ruby\C\C++
• Research & develop new in-house security frameworks for:
- Legacy desktop products
- Web-based applications
- Mobile applications
• Research, develop and derive a file fuzzing framework focusing on various Autodesk file formats
• Work with development teams to provide code-level remediations\fixes as required.
• Perform exploitable security penetration testing
• Research possible exploits as a POC to help developers learn the impact of vulnerabilities.
• Derive & bring up code-level best practices (C#-ASP.NET, C\C++, Java, Python, Ruby etc.) that can be published internally.
• Responsible for conducting exploitable security hackathons internally in Autodesk with an appropriate security lab setup.
• Assist the security architect in performing secure design analysis
• Keep abreast of security threats in the market and address related concerns internally.
The role:
• Hands-on programming experience using a higher-level programming language like C, C++ or C#
• Good in-depth understanding & knowledge of various operating systems (Windows\Linux\Mac)
• Good knowledge of various vulnerabilities and the ability to find them, focusing on Web\Mobile\Cloud\Desktop\Open source components
• In-depth understanding of OWASP Top 10 Web, OWASP Top 10 Mobile & SANS Top 25 software security issues.
• Exploit-writing ability for POCs
• Good understanding of Secure SDLC
• Fair understanding of CI-CD and the DevSecOps security model approach for cloud-based deployments
• Understanding of how HP-Fortify integrates in CI-CD as part of the DevSecOps model
• Ability to do false positive analysis
Security certifications:
Must have: Offensive Security Certified Professional (OSCP)