Senior Information Security Manager
Location: Wilmington, MA
Manage individual employees on a day-to-day tactical level on projects and other issues; conduct fortnightly meetings with every employee to solicit information about the employee's projects; meet with VP of Services once a month to summarize the overall tactical position of the team; help discuss and set OKR goals with the engineers; help plan the career growth of engineers; help solve individual employee issues; summarize employee project trends for the VP of Services; act as a backup sales support person; lead the Mobile Security Center of Excellence and be the central point of contact for all the activities that Security Innovation plans for the growth of this division; perform security assessments on Android and iOS mobile apps with or without access to source code; perform intensive ongoing research on Android, iOS, Windows Mobile, and Blackberry platforms, APIs, communication channels, and commonly-used hardware components; evaluate the security of new web, mobile or embedded product designs to determine vulnerability to physical or electronic tampering, protocol fuzzing, side channel attacks or other known/unknown exploits; conduct internal as well as customer trainings on varied security topics; review software specifications and code to ensure adherence to secure-coding and sound design principles; create threat models that result in more secure application design; design and develop security testing scenario; keep the internal testing methodology updated at all times; analyze and present results of testing to team members, managers and customers; write detailed problem reports, test plans documents and mitigation recommendations as needed; develop tools to aid penetration test automation and effectiveness; help the sales team with RFP process and help train them to understand services better to increase market presence; provide continuous feedback that improves the value that the company provides to their customers.
Position requires a Bachelor’s degree in Computer Science, Computer Engineering, or related and 6 years' progressive post-baccalaureate experience in the field of application security, including extensive experience in architecting security for applications running smart mobile platform and 1 year of experience in team leadership. Also require excellent understanding of Mobile application security and related peripheral hardware technologies like Bluetooth, etc.; experienced in conducting training for batches of more than 50 attendees in the field of Mobile and Embedded security (valid for conferences like Black Hat which have a general attendee limit of 120 attendees for their 4 day trainings); should have presented at top International Security conferences like OWASP, Black Hat, DEFCON, etc. on varied security topics more than 5 times; proven experience of building at least one security service offering from scratch; security certifications CEH and CHFI; at least one Offensive Security Certification; experienced in manual and automated code analysis tools IBM AppScan, Burp Suite, and Metasploit; thorough knowledge of common security bug categories; experienced in all phases of software development life cycle; understanding of performing security testing of upcoming sectors like Automobiles and Embedded devices; excellent trouble shooting and customer support skills on deep technical topics; should have at least one tool written to support the Open Source Security community; should have basic Reverse Engineering skills; and should have basic knowledge of network and infrastructure exploitation.
Please submit your resume and salary requirements to the attention of Joseph Basirico, Vice President of Services, Security Innovation Inc., 1511 3rd Avenue, Suite 808, Seattle, WA, 98101. By email to: firstname.lastname@example.org.
About Security Innovation
Security Innovation is a Software Security Company with offices in Seattle and Boston. We work with many different companies to help them build secure software through penetration testing, code review, training, and educational security products. We’re a team of passionate Security Engineers and Developers that love what they do. We perform security testing, code review, design review, are leaders in security research, go to security conferences frequently and have lots of time for professional development. We develop an incredible open security training range called CMD+CTRL.