Job Type: Senior Engineer from home
Location: Texas work from home
Company: American Airlines

Responsibilities:

• Uses technologies for static and dynamic analysis to assist extensive testing and the identification of vulnerabilities.
• Uses fuzzing, access/authorization bypass, business logic abuse, and purposeful fault injection to test programs for security issues.
• Identifies design flaws, improper security implementation, and a lack of security controls in application designs and implementation details.
• Researches and tests for complicated security concerns in collaboration with other security team members.
• To fix application, architectural, or environment issues, consults with software engineers, infrastructure architects, and security architects.
• Verifies bug bounty submissions made by outside security researchers.
• To plan, monitor, and manage security testing operations, strong collaboration with service providers and outside security support resources is required.
• Builds and/or keeps up threat models to explain risks to engineers, project managers, and other technical staff.
• Assures that apps are developed in accordance with corporate security guidelines.
• Review application source code for security and operational risks in collaboration with development teams.
• Performs manual code reviews of programs that cannot be analyzed automatically by SAST tools.
• When necessary, gives developers, software engineers, and technical staff access to comprehensive security documentation.
• Gives advice and suggestions to software architects and engineers on how to fix security problems in the code.
• Checks security evaluations produced by other team members with other team members.
• Upholds the SSDLC enterprise standard.

Requirements:

Minimum requirements include education and previous work experience.

• A bachelor’s degree in engineering, technology, information systems (CIS/MIS), computer science, or a closely related technical field, or comparable experience or training
• Working as a frontend or backend software developer for two years
• Having worked as a developer on a team of at least five other software engineers
• At least one compiled programming language at the expert level
• At least one interpreted programming language at the expert level
• Writing software specifications expertiseThe capacity for independent research
• A thorough knowledge of the REST and SOAP web service implementation paradigms
• Familiarity with the San’s Top 25 and OWASP

Prior work experience and education are preferred qualifications.

• Tools and techniques for static analysis that are well-versed
• Expert knowledge of the tools and techniques used in dynamic analysis
• Advanced understanding of design ideas and methodologies for software engineering (Scrum, XP, Lean, Waterfall)
• Strong knowledge of popular cryptographic libraries and methods
• Experience developing Android or iOS mobile applications
• 2+ years of experience as a full stack developer
• 1 or more years spent in a software QA position.

Knowledge, Permits, and Certifications

• Basic understanding of symmetric/asymmetric encryption, hashing, signature, and decryption concepts
• A fundamental understanding of network security fundamentals, including reverse shells, DNS spoofing, ARP poisoning, and firewalls
• Basic familiarity with test-driven development and defensive programming
• Understanding of XSS, SQL Injection, UI Redressing, Directory Browsing, and Log Forging common application attacks
• A fundamental knowledge of software coupling, software cohesion, and microservice application architecture
• Capable of quickly picking up new programming languages as required to perform code reviews
• Able to use the following tools and technologies without difficulty: Git, SoapUI, Jenkins, Artifactory, SonarQube, FindBugs, Docker, and Coverity.

Would you like tips on how to find work from home jobs? Keep reading: