Dell Software Quality Principal Engineer (Security) in Bengaluru, India
Job Title: Software Quality Principal Engineer (Security) I8
About Business Unit:
At Dell EMC, you will have the opportunity to turn your ideas into a career with the world's largest Storage and Data Protection provider. As per IDC, Dell EMC is the #1 provider for purpose-built backup appliance (PBBA) with 67% market share. Our Data Protection portfolio consists of highly integrated and industry-leading products and technologies that will change the way companies approach the protection and availability of their data and applications. Data Domain is an industry leader in providing best-of-breed solutions for backup and archival needs. It provides disk-based data protection with excellent storage efficiency using its unique In-line Data De-Duplication technology.
The SDL (Security) team is responsible for providing customer-centric manageability solutions. The focus of this team is to provide software interfaces to external and internal users to enhance their productivity. Some of the responsibilities of this team are validating security aspects of user interface applications, REST service infrastructure, health monitoring daemons, custom Linux shell, license management, user management/role-based access control, security scans, compliance, Common Criteria, product hardening, following STIG and SRG standards, SNMP support, 3rd party product integration solutions, messaging middleware and databases for configuration, monitoring and reporting, upgrade of distro packages, and adhering to OWASP/VAPT/NIST/FIPS/Federal/Compliance standards.
Primary tasks will involve overall security of the product. For every project, writing security strategy, test plan, test execution for security, reporting and process improvement. Analyze customer-found issues and put an improvement plan in place. Automation and regression runs. Security coverage on RBAC, Encryption, Ciphers, Protocol, LDAP, Single Sign On, OpenSSH/SSL, Authorization, Authentication, Accounting. Threat modeling, STIG/SRG and CVE/CVSS analysis. Security scan tools, certificate management. Work on customer escalations and Product Security Office CVE updates on the product line. Certifying product for FIPS, Common Criteria, Crypto library, Governance. Score card analysis. Pen testing skills with OWASP.
Able to take accountability for security of the overall product and articulate test strategy for minor and major releases.
Find security vulnerabilities early in the release cycle. Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
Able to automate scans, triage and recommendation and reduce manual effort.
Experience as a system security engineer or information security engineer; scan tools like Burp Suite, Nessus, Qualys, malware, rootkit, web-scan, Black Duck, Twistlock running on all virtual environments.
Knowledge of database and operating system security; experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, data encryption, etc. AWS/Azure-like cloud platform as a service (PaaS) security.
Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols
Constantly upgrade yourself with latest methods to test products from security dimension.
Provide solutions to a variety of problems of moderate scope and complexity. Use tools appropriately with technical guidance and complete tasks and assignments under normal supervision.
CVE analysis, SLES, RHEL database analysis, 3rd party component knowledge, static and dynamic code analysis. Strong knowledge of containers and Docker.
Bachelor’s degree, 8+ years’ experience in Computer Science or related field (Security)
Master’s degree, 6+ years’ experience in Computer Science or related field (Security)
Working experience in Security domain and mastery of tools for scanning.
Advanced automation experience in Python & necessary libraries to be able to automate, run scans, analyze results, and recommend priority/severity/impact. Reduce manual and repeat work to near zero.
Experience in Storage, Filesystem, Data protection and/or Backup & Recovery software security.
Must have excellent communication skills, both verbal and written.
Must be a team player who likes to work in a high energy Agile atmosphere
Any of the following certifications adds an advantage.
Certified Information Systems Security Professional (CISSP)
CISA – Certified Information Systems Auditor (CISA)
CEH – Certified Ethical Hacker (CEH) or Masters.
CISM – Certified Information Security Manager (CISM)
ISSAP – Information Systems Security Architecture Professional (ISSAP)
ISSEP – Information Systems Security Engineering Professional (ISSEP)