Business Runs on IT. IT Runs on BMC Software.
Business runs better when IT runs at its best. That's why more than 20,000 IT organizations – from the Global 100 to the smallest businesses – in over 120 countries rely on BMC Software (NASDAQ: BMC) to manage their business services and applications across distributed, mainframe, virtual and cloud environments. With the leading Business Service Management platform, Cloud Management, and the industry’s broadest choice of IT management solutions, BMC helps customers cut costs, reduce risk and achieve business objectives.
Job Description: Application Security Architect - Lead
As an Application Security Architect you are going to help BMC produce software that increasingly raises the bar regarding Application Security posture. Our customers expect that we respond to this market need with the best results we can offer and our expectation is that you will help us achieve that goal. You will provide architectural guidance in the areas of application security for the Product Development teams. You will conduct and support internal product security audits; you will help build a security response and tracking process for internally and externally logged vulnerabilities. You will assist developers in resolving application security defects. You will work with scan vendors to ensure that false positives are reported back to them on BMC products. You will assist in Application Security Education for the product teams and you will interface directly with our customers when they require assistance with their application security issues.
- Bachelor's or Master's degree in Engineering, Computer Science or Mathematics
- Understanding of the principles of OWASP (https://www.owasp.org)
- Using a proxy tool such as Burp or Fiddler, be able to test a web application for SQL injection, cross-site request forgery, XSS, access control and authentication flaws, etc.
- Understand the principles of cryptography, including symmetric ciphers, public/private keys, certificates, signing, and keychains.
- An understanding of Web Servers and application servers
- An understanding of various protocols, including HTTP, TLS
- Ability to read and understand the output of vulnerability scanners such as HP Webinspect and IBM Rational AppScan. Be able to develop proof of concept testcases from the output or document false positives.
- Ability to identify business logic flaws in processes
- Ability to explain the impact of various security vulnerabilities, calculate appropriate CVSS scores and to recommend mitigation options
- Ability to construct a threat model based on the given attack surface of a software product
- A good understanding of Firewalls and Proxy servers
- Ability to work with development teams during the envisioning and development process to guide secure design
- Develop and extend tools that support investigation and improve product security posture
- 8-10+ years as an Application Security auditor or pen tester
BMC Software is an Affirmative Action/Equal Opportunity Employer. M/F/D/V encouraged to apply.