Are you looking to make a real, meaningful impact on the global state of information security?Join us as a Security Content Developer to help address security issues at the source—insecuresoftware.
You will have the opportunity to positively impact nearly every part of the world's digitalinfrastructure by helping shape secure software development for our clients who include theworld's largest financial services, software, healthcare, telecom, technology, media, andindustrial control system companies.
We are looking for experts in various domains of IT security, with extensive knowledge ofsoftware security issues such as those outlined in CVEs, CWEs and the OWASP Top 10 and itscorresponding counter-measures. Along with expertise, we are looking for a passionatecandidate to develop clear security training courses, security requirements, procedures, andguidelines for developers and practitioners.
Specific responsibilities include:● Identifying and specifying the most commonly used frameworks and technologies withina specific domain● Researching and defining broad threats and vulnerabilities for the identifiedtechnologies, frameworks, and programming languages● Identify security requirements, pinpoint security threats and potential vulnerabilities,quantify threat and vulnerability criticality, and prioritize remediation methods● Writing content on how to implement defensive controls/requirements to addressthose problems● Writing detailed procedures and code samples to demonstrate vulnerabilities and howcounter-measures are implemented for that framework or technology● Updating existing content based on the newer versions of frameworks and technologies● Be aware of the recent breaches and security news for adding them into the coursescript if needed.
Required Skills & Experience
● Familiarity with the specified domains of IT , and ability to identify the most commonpractices and important frameworks.●Familiarity with security requirements, pinpoint security threats and potentialvulnerabilities within most commonly used frameworks and technologies.● Good knowledge of Threat modelling methodologies such as STRIDE, PASTA andfamiliarity with common attack patterns databases such as CAPEC and ATT&CK.● Understanding threat severity and, and prioritizing remediation methods.● Hands-on experience with some threat modeling tools .● Able to write the steps for providing the secure configuration, implementation anddeployment for Developers, DevOps and Ops Engineers audiences.● Strong written communication skills and desire to write crisply and in an easy tounderstand way.● The candidate should be able to write clear how-to’s and guidelines.
Why Security Compass?
Click here to start imagining your future at Security Compass!Security Compass is proud to be an Equal Opportunity employer. Diversity is our differentiator and all qualified applicants will be considered without regard to race, ethnicity, color, religion, creed, gender, pregnancy, sex, sexual orientation, gender identity, national origin, age, genetic information, military and veteran status, marital status, medical condition, disability, or any other legally protected basis, in a manner consistent with the requirements of applicable state and Federal law. Should you require accommodation for a disability, special need and/or religious reason, please inform [email protected] so that an inclusive and barrier free process can be provided to all applicants throughout the application process. All information provided will be addressed confidentially. Learn more about your equal employment opportunity rights here.