EMC Product Security Engineer in Richardson, Texas
This position is part of the Product Security team. The Product Security team ensures consistent product security adoption across EMC. It also conducts security training for Engineering and it implements the Security Development Lifecycle across engineering groups to ensure they deliver secure products.. Finally, the Product Security team manages EMC’s responses to product security vulnerabilities.
Not only does the team help EMC to deliver secure information infrastructure offerings to customers, but it also supports EMC’s security thought leadership position. The members of the Product Security team are committed to raising visibility in the marketplace for VCE Security solutions, and they work daily to tighten the association of security with the overall EMC brand.
PRINCIPAL DUTIES AND RESPONSIBILITIES
Act as a technical resource for the EMC Security Response Center
Perform analysis on the vulnerability reports as submitted by the finder (customers, third party security researchers and research organizations) and work with engineering organizations to verify the existence of the vulnerability
Must be able to communicate the nature and severity of the vulnerability and work with the various engineering organizations to determine the impact on VCE product(s)
Provide technical subject matter expertise to engineering organizations on common application security vulnerabilities, how to prevent them and how to test for them
Assist the engineering organizations in interpreting the results of penetration testing and vulnerability scanning tools such as Nessus, Cenzic, Qualys, WebInspect
Monitor vulnerability alerts from various resources like Bugtraq, CERT, US-CERT and vendor specific security bulletins on a daily basis and assess relevance of these to VCE products
Manage technical communication with security researchers and research organizations during lifecycle of vulnerability response
Apply industry standards like Common Vulnerability Scoring System (CVSS) for assessing the severity of security vulnerabilities and Common Vulnerabilities and Exposures (CVE) for responding to publicly known security vulnerabilities
Produce technical reports by mapping EMC product vulnerabilities to Common Weakness Enumeration (CWE) and industry resources such as OWASP Top 10, CWE/SANS TOP 25 Most Dangerous Software Errors etc.
Monitor industry trends on vulnerabilities and communicate these to EMC engineering organizations
Publish technical root cause analysis on EMC product vulnerabilities and coordinate with internal resources to create a technical position statement on these for EMC engineering organization consumption
Perform technical reviews of security advisories and other type of communication deliverables related to vulnerability disclosure and remediation
Broad knowledge of all aspects of information security
Experience in application security and/or security incident response is preferred
Ability to work in a high-pressure environment
Ability to prioritize tasks and deliverables
Possesses strong product/technology/industry knowledgeResults driven
Education Required: Bachelors (Tech) or equivalent
Experience Required: 2-3 Years
When you choose our company, you join a diverse world of innovative thought leaders. At our core is a commitment to workplace diversity, the sustainability of our planet, and community corporate involvement. We offer highly competitive salaries, bonus programs, world-class benefits, and unparalleled growth and development opportunities-all to create a compelling and rewarding work environment.
We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), sexual orientation, gender identity and/or expression, national origin, protected veteran status, disability, genetics, or citizenship status (when otherwise legally authorized to work) and will not be discriminated against on the basis of such characteristics or any other status protected by the laws or regulations in the locations where we operate. We encourage applicants of all ages.
Critical Hiring Criteria:
Engineering - Software
211 - VCE
US - North Carolina - Research Triangle Park, US - Texas - Richardson