onsite
Senior Security Engineer - Momentive Software
Security Engineer
Senior Security Engineer leading Secure SDLC implementation, security governance, and advanced application security testing (SAST, DAST, IAST, SCA, pen testing) while providing expertise to development, DevOps, and architecture teams.
About the role
Key Responsibilities
- Define, implement, and continuously improve Secure SDLC frameworks aligned with OWASP, NIST, ISO 27001, and CIS standards.
- Establish security policies, coding standards, and checkpoints across all phases of the software development lifecycle.
- Act as the security subject‑matter expert for development, DevOps, and architecture teams, guiding secure design decisions.
- Perform advanced threat modeling using STRIDE and PASTA methodologies and conduct security architecture reviews.
- Lead application security testing programs, including static (SAST), dynamic (DAST), and interactive (IAST) testing and software composition analysis (SCA).
- Oversee and execute penetration testing activities, validate findings, and drive remediation efforts.
Requirements
- 5+ years of experience in application security and Secure SDLC implementation.
- Deep knowledge of threat modeling frameworks (STRIDE, PASTA) and security standards (OWASP, NIST, ISO 27001, CIS).
- Hands‑on expertise with SAST, DAST, IAST, and SCA tools, as well as manual penetration testing.
- Proven ability to develop security policies, coding standards, and governance processes.
- Strong communication skills to influence cross‑functional teams and translate security concepts into actionable guidance.
Skills
penetration testing