Find Nuance jobs that match your profile.
Principal Product Security EngineerApply Job ID 1-40533 Date posted 04/11/2019 Location Pune, India
At Nuance, we empower people with the ability to seamlessly interact with their connected devices and the digital world around them. We are creating a world where technology thinks and acts the way people do by designing the most human, natural, and intuitive ways of interacting with technology.
Our nimble technology uses analytics and advanced algorithms to transform the inanimate into animate and reduce complicated processes into simple ones.
The Principal Product Security Engineer will report to the Director of Information Security. Major duties will focus on providing secure development services such as design reviews, code reviews, and security testing during product development, as well as providing training and consultation to product teams to improve their internal capabilities in these areas. This engineer will also drive adoption of security tools and services from external vendors, evaluating and selecting vendors, assisting integration of these services into engineering workflows, and providing expertise to interpret and remediate security issues identified by these tools and services.
Principal duties and responsibilities:
•Perform design consultation, architecture review, threat modeling, code review, and testing.
•Assist in the development of test cases, scripts, procedures, and tooling for QA security testing.
•Perform application vulnerability assessments
•Analyze output from security tooling and provide guidance to drive remediation
•Assess SDLC processes and provide guidance on increasing security review coverage
•Identify toolsets and vendors, drive adoption and implementation
•Consult with development and QA staff to remove false positives and prioritize remediation based on security scanning tools’ output.
•Perform tasks related to securing - and maintaining the security of - products, tools, and processes in R&D and DevOps
Education:Bachelor’s Degree in Computer Engineering, Computer Science, or Information Systems Management. Will consider work experience in lieu of or supplementing formal education.
Minimum years of work experience: 9 years’ out of which 5 years of experience in application security + 3-5 years software development experience (development or QA)
•In-depth knowledge of IT organization end-to-end areas and functions
•Understanding and familiarity with common code review methods and standards
•Knowledge of secure coding patterns and pitfalls in multiple languages (Java, .NET, C++, Python…;)
•Knowledge of secure configuration patterns for middleware and OS platforms (Tomcat, JBoss, Weblogic; common relational and NoSQL dbs; Windows, Linux, iOS, Android, Azure and AWS Cloud infrastructure)
•Demonstrated experience providing security review of web applications, mobile applications, thick clients, web APIs (REST, SOAP), AuthZ/AuthN protocols and technologies, and cryptography
•Experience with static analysis and dynamic analysis tools
•Experience with offensive security tools and methodologies
•Penetration testing experience, especially at the application level
•Familiarity with development and test toolsets (source code control, build systems, test automation, ticketing systems)
•Knowledge of OWASP tools and methodologies (Top 10 2013,2017)
•Knowledge of standard SDLC practices and security touchpoints in Agile, DevOps, waterfall processes
•Experience with application security requirements of HIPAA, PCI and ISO 27000.
•Solid understandings of security on networks, hardening, patch management, pen testing, vulnerability testing, Windows systems, open systems, applications, and web and public facing systems. Azure / AWS Cloud architecture related to application security a must.
•Knowledge of analytic and monitoring tools (ElasticSearch, LogStash, and Kibana (ELK) and/or Splunk, Sumologic)
•Ability to code python
•Expertise with Veracode, Rapid7 Nexpose, Whitehat or other vulnerability scanners
•Ability to reverse engineer undocumented applications or architectures
•Linux, Windows system administration
•Ability to multi-task under Agile deadlines.
•Proficient English language written and oral communication skills
Nuance offers a compelling and rewarding work environment. We offer market competitive salaries, bonus, equity, benefits, meaningful growth and development opportunities and a casual yet technically challenging work environment. Join our dynamic, entrepreneurial team and become part of our continuing success.
You have not viewed any jobs recently
I recently rejoined Nuance because I love having the privilege of working with a diverse team of nice and talent individuals to drive customer satisfaction. Having the flexibility within my role to get stuff done while maintaining a good work-life balance.Martin General Manager
I fell in love with Nuance especially the innovative platforms we create and we impact people’s lives. The work I do every day at Nuance makes a difference and I know when I go home that I truly did something meaningful and important.Vishnu Tech Support
I have been working in the Healthcare industry for close to 20 years and have marveled at how Nuance has been able to keep up with the industry changes and challenges. Every day I am challenged, and every day I make sure the customer comes first. The culture and employees at Nuance are wonderful. I am proud to work for such a dynamic and diverse company and I look forward to the future growth.Kristen Inside Sales
I work with some of the smartest colleagues in the industry to turn leading technology and innovative ideas into products and solutions that solve real life problems and have a positive impact on people. I love the flexibility of working.Martin Product Manager
Life at Nuance
We believe in an inclusive culture founded in innovation, life-long development, community impact, and flexible benefits programs so that you can be your best every day.Learn More
Industries we Serve
Nuance can develop industry-specific solutions for your businessLearn More
- Tweets by NuanceInc