Senior Security Engineer
EMC Corporation, Hopkinton MA
GENERAL SUMMARY
This position is part of the Product Security Office (PSO). In conjunction with customers and leaders of other EMC business units, the PSO defines and maintains EMC’s Product Security Policy. It also conducts security training for Engineering, and it implements the Security Development Lifecycle across engineering groups to ensure they deliver secure products. The PSO delivers the Common Security Platform and ensures consistent security product and technology adoption across EMC. Finally, the PSO coordinates product security certifications and, as needed, manages EMC’s responses to product security vulnerabilities.
Not only does the team help EMC to deliver secure information infrastructure offerings to customers, but it also supports EMC’s security thought leadership position by participating actively in industry groups such as SAFECode. The members of the PSO are committed to raising visibility in the marketplace for EMC and RSA Security solutions, and they work daily to tighten the association of security with the overall EMC brand.
PRINCIPAL DUTIES AND RESPONSIBILITIES
- Act as a technical resource for the EMC Product Security Response Center (http://www.emc.com/contact-us/contact/product-security-response-center.htm)
- Analyze vulnerability reports as submitted by finders (customers, third-party security researchers and research organizations) and work with engineering organizations to verify the existence of each vulnerability
- Must be able to communicate the nature and severity of the vulnerability and work with the various engineering organizations to determine the impact on EMC product(s)
- Provide technical subject matter expertise to engineering organizations on common application security vulnerabilities, how to prevent them and how to test for them
- Assist the engineering organizations in interpreting the results of penetration testing and vulnerability scanning tools such as Nessus, Cenzic, Qualys, WebInspect
- Monitor vulnerability alerts from sources such as Bugtraq, CERT, US-CERT and vendor-specific security bulletins on a daily basis and assess their relevance to EMC products
- Manage technical communication with security researchers and research organizations during the lifecycle of vulnerability response
- Apply industry standards like Common Vulnerability Scoring System (CVSS) for assessing the severity of security vulnerabilities and Common Vulnerabilities and Exposures (CVE) for responding to publicly known security vulnerabilities
- Produce technical reports by mapping EMC product vulnerabilities to Common Weakness Enumeration (CWE) and industry resources such as the OWASP Top 10 and the CWE/SANS Top 25 Most Dangerous Software Errors
- Monitor industry trends on vulnerabilities and communicate these to EMC engineering organizations
- Publish technical root cause analysis on EMC product vulnerabilities and coordinate with internal resources to create a technical position statement on these for EMC engineering organization consumption
- Perform technical reviews of security advisories and other types of communication deliverables related to vulnerability disclosure and remediation
SKILLS
- Broad knowledge of all aspects of information security
- Experience in application security and/or security incident response is preferred
- Industry certifications: GIAC and/or CISSP preferred
- Ability to work in a high-pressure environment
- Ability to prioritize tasks and deliverables
- Cross-functional skills
- Consultative skills
- Possesses strong product/technology/industry knowledge
- Results driven
Education Required: Bachelors (Tech) or equivalent
Experience Required: 3-4 Years
Physical Requirements: No
If interested in this position, please contact:
Nazira Carlage
nazira.carlage@emc.com.