Software Security Engineer - Information Technology

Software Security Engineer

Information Technology

Position Summary:

The Software Security Engineer is responsible for working with other members of the architecture, development, and operations teams to define, implement, monitor, and support secure development practices throughout the Software Development Life Cycle (SDLC). 

Outline of Duties:

• Security Integration: Implement security practices and tools within the CI/CD pipeline to ensure that security checks are automated and performed continuously.
• Vulnerability Management: Work with the cybersecurity team to regularly scan for vulnerabilities in code, applications, and infrastructure, and work on remediation strategies to address these vulnerabilities.
• Compliance and Governance: Ensure that the development and operations processes comply with industry standards, regulations, and organizational security policies.
• Risk Assessment: Conduct regular risk assessments to identify potential security threats and vulnerabilities in the development and operations processes.
• Security Automation: Develop and implement automated security tools and scripts to reduce manual effort and improve the consistency of security practices.
• Incident Response: Collaborate with the security operations team to respond to security incidents, analyze root causes, and implement preventive measures.
• Security Training and Awareness: Educate and train development and operations teams on security best practices, ensuring that security is a shared responsibility.
• Configuration Management: Ensure that infrastructure and application configurations are secure, consistent, and properly managed across all environments.
• Collaboration and Communication: Work closely with development, operations, and security teams to ensure that security is seamlessly integrated into the DevOps culture and practices.
• All other duties as assigned.

Minimum Qualifications:

• Bachelor's Degree in Computer Science, Cybersecurity, Engineering, related field or equivalent experience
• 3-5 years experience in DevSecOps, DevOps, Application Security, or a related role.  Experience should include hands-on work with integrating security in the SDLC.
• Proficiency in CI/CD tools, with experience integrating security testing.
• Knowledge of Cloud Platforms: Experience with AWS, Azure, or Google Cloud, including security features and best practices.
• Security Tools Proficiency: Experience with tools for static and dynamic analysis, container security tools, and vulnerability management tools.
• Scripting and Automation: Proficiency in scripting languages such as Python, Bash, or PowerShell, with experience in automating security tasks.
• Version Control Systems: Proficiency with BitBucket, Git, and/or other version control systems, including branching strategies and secure code management.
• Strong Problem-Solving Abilities: Ability to identify security issues and implement effective solutions within a fast-paced environment.
• Collaboration and Communication: Experience working closely with development, operations, and security teams, with the ability to communicate security requirements clearly.
• Attention to Detail: A strong focus on detail, particularly regarding security vulnerabilities and compliance requirements.

Desired Qualifications:

• Master's Degree in Computer Science, Cybersecurity, Engineering, or related field

Subaru of Indiana Automotive, Inc. is an equal opportunity employer committed to employing a diverse workforce.