Job Description:
Verisign empowers a secure, stable, and resilient internet.
We deliver unmatched performance in domain name system (DNS) services as a trusted provider of internet infrastructure services for the networked world.
Key Responsibilities:
* Lead and participate in designing and implementing secure coding practices across development teams.
* Conduct detailed threat modeling exercises for new and existing applications to identify potential security issues.
* Perform security reviews and code analysis to proactively identify and mitigate security vulnerabilities.
* Work closely with developers to provide guidance on remediation strategies and secure coding techniques.
* Implement and maintain automated security testing tools and processes.
* Evaluate third-party libraries and dependencies for security risks.
* Stay up-to-date with emerging security threats, vulnerabilities, and technologies to continuously improve application security measures.
* Collaborate with cross-functional teams including Engineering and Operations to integrate security into the software development lifecycle (SDLC).
Requirements:
* Bachelor's degree in Computer Science, Information Technology, or related field (or equivalent experience).
* 10+ years of proven experience as an Application Security Engineer or a similar role.
* In-depth knowledge of OWASP ASVS and application security best practices.
* Strong understanding of threat modeling methodologies and tools.
* Hands-on experience with secure coding practices and techniques (e.g., encryption, authentication mechanisms, secure API design).
* Proficiency in conducting security assessments (e.g., penetration testing, code reviews).
* Experience with security tools such as Burp Suite, Fortify, Veracode, etc.
* Excellent communication skills with the ability to articulate complex technical issues to non-technical stakeholders.
* Certifications such as CEH, or equivalent are a plus.