
Security Software Engineer

We’re hiring an Information Technology Security Engineer III!

About the position

Responsible for penetration testing a variety of environments based on methodical adherence to attack-scoring frameworks. Builds, deploys, and maintains new security automation and orchestration tooling to integrate scanning and monitoring for compliance within existing pipelines. Reviews and guides internal teams in developing more secure codebases, while educating them on best practices to build a strong “security-first” culture.

Who will love this job?

  • A team steward, you are motivated to do your best work and strive to elevate the entire team.
  • A creative problem solver, you are energized by roadblocks and have a knack for troubleshooting problems in stride and solving them in a calm, cool, and collected manner.
  • An efficient worker, you enjoy having multiple priorities at one time and multitask without breaking a sweat.

What you'll do

In-Depth Penetration Testing & Threat Modeling:

  • Conducts ongoing internal and 3rd party vendor penetration testing and auditing aligned with compliance and legal objectives.
  • Performs threat modeling in accordance with OWASP Top 10, MITRE ATT&CK, and similar attack-scoring frameworks.
  • Monitors, tests, and proactively reports on current threats and vulnerabilities to respective teams.
  • Researches and educates on emerging threats within similar environments and landscapes, and offers remediation solutions for them.

Security Tooling, Automation, & Orchestration:

  • Builds, ships, and maintains various security packages to internal application codebases for automation.
  • Identifies vulnerable dependencies across the organization and works with individual teams to resolve them.
  • Installs preventative programmatic measures to mitigate repeat vulnerability occurrences.
  • Integrates security monitoring within existing CI/CD pipelines. Experience working with Ansible and Jenkins is a plus.
  • Builds complex regex pattern identification scripts and parsing to identify potential injection attempts.
  • Builds and integrates APIs from disparate systems for orchestrated audits and scans.

Secure-SDLC (SSDLC) Guidance, Codebase Review & Support:

  • Develops detailed security design and procedures across the enterprise to drive a standardized set of requirements and align with internal policies.
  • Leads secure-SDLC and product security maturity efforts to adopt a shift-left approach to security.
  • Conducts platform/service workload design and architecture reviews, and audits source code for compliance.

Monitoring, Logging, & Reporting:

  • Parses a variety of debug logs to determine behavioral baselines and formulate granular internal policies and standards.
  • Orchestrates log ingestion into tools and tunes rulesets for advanced metrics reporting on enterprise-wide security posture.
  • Builds leaderboards and reporting interfaces on current and forecasted KPIs and risk indicators.

Other General Duties:

  • Provides product security related coaching and mentoring to elevate security expertise of development teams.
  • Takes ownership of security decisions made in the engineering organization by helping organization members make clear decisions in alignment with organizational goals, backing decisions made, and taking responsibility for their success.
  • Fosters a positive company-wide culture by having conversations based on organizational strategy and principles to create alignment.
  • Ensures security goals are understood and continuously worked towards across the organization.
  • Takes ownership and responsibility for organizational security practices and processes and their continuous improvement.
  • Effectively handles risk, change, and uncertainty across the organization.
  • Facilitates organization-wide discussions, ensuring that everyone has an opportunity to share their opinion and be heard, and that discussion outcomes are tied to stated goals.
  • Actively advances a culture of documentation and knowledge sharing across the organization.
  • Ability to work off-hours with occasional evenings, weekends, and/or holidays.

What you need to know

  • Bachelor’s Degree in computer science or a related field or equivalent work experience.
  • 8 years of experience as a Software/Security Engineer or Architect.
  • 8-10 Years of Development Experience in the following languages: Python, JS (Node, AJAX), Java, SQL, Linux Bash (or similar terminal languages), XML, YAML/JSON.
  • 3-4 years of Docker and/or k8s, Ansible, Jenkins, Terraform, and AWS/Azure preferred. Deep and current experience with AWS/Azure architectural design patterns and application.
  • Preferred Certification/License: Any credentials from the following certification bodies: ISC2, ISACA, CompTIA, GIAC, AWS, Azure, TOGAF, SABSA.
  • Expert knowledge and experience with Kali Linux tooling (Burp, ZAP, Metasploit, sqlmap, etc).
  • Experience designing and implementing webhooks, SOAP, REST, and GraphQL APIs.
  • Expert knowledge of web application and database design, development, and integration techniques.
  • Participation in bug hunting / bug bounty communities is a plus.
  • Experience with PCI, GDPR, or CCPA a plus.
  • Knowledge of and experience with data protection concepts such as: (a) data obfuscation, anonymization, & de-identification; (b) secrets management; and (c) vault services.
  • Experience building application parameterized/prepared-statement query interfaces a plus.

About Plexus

Plexus Worldwide is a leading direct-sales company founded in Scottsdale, Arizona, where it remains a top employer and economic driver. For the past 16 years, Plexus has been focused on igniting hope, health, and happiness through its science-backed nutritional products, skincare, and an exciting home-based entrepreneurial opportunity.

As a 6-time Best Places to Work winner, the company enjoys a solid organizational culture and deeply commits to giving back to communities in need.

Our Core Values

We contribute to the overall growth and success of Plexus by embracing the Plexus core values:

  • We are One Plexus.
  • We are accountable.
  • We get the job done right.
  • We empower others.

Benefits

  • 401k program with a company match and immediate vesting.
  • Quarterly bonuses based on company profitability.
  • Weekly drawings for gift cards and cash.

Thank you for taking the time to apply for an opportunity with our One Plexus team! If you have any issues during the application process, please get in touch with us directly at careers@plexusworldwide.com.

We are committed to protecting the privacy and security of your information. Visit our Candidate Privacy Notice for additional information.

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Plexus Worldwide’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.


If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Voluntary Self-Identification of Disability

Form CC-305
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.