Dell Product/Application Security Engineer in Round Rock, Texas

Product/Application Security Engineer

Dell is a worldwide provider of information technology services and business solutions to a broad range of clients. We seek men and women who share our values, thrive in a team environment, and recognize the importance of accountability; people who strive to exceed expectations to ensure our Clients' success.

The Security Engineer will join the Product Security Incident Response Team (PSIRT), part of Dell’s Product Security Office in Round Rock, TX or Hopkinton, MA. This role will identify and resolve vulnerabilities in Dell products.

The Dell Product Security Office offers a unique opportunity to join a very talented team involved in the progressive business of developing, building and delivering leading edge product security practices and standards.

Responsibilities

  • Perform analysis on the vulnerability reports as submitted by the finder (customers, third party security researchers and research organizations) and work with engineering organizations to verify the existence of the vulnerability

  • Communicate the nature and severity of the vulnerability and work with the various engineering organizations to determine the impact on Dell product(s)

  • Provide technical subject matter expertise to engineering organizations on common application security vulnerabilities, how to prevent them and how to test for them

  • Assist the engineering organizations in interpreting the results of penetration testing and vulnerability scanning tools such as IBM AppScan, Burp, Nessus, Qualys, etc.

  • Work with the engineering organizations to test the fixes for identified vulnerabilities

  • Assist with technical communication with security researchers and research organizations during lifecycle of vulnerability response

  • Apply Common Vulnerability Scoring System (CVSS) for assessing the severity of security vulnerabilities

  • Perform mapping of Dell product vulnerabilities to Common Weakness Enumeration (CWE) and industry resources such as OWASP Top 10, CWE/SANS TOP 25 Most Dangerous Software Errors etc.

  • Conduct technical root cause analysis on Dell product vulnerabilities and coordinate with internal resources to create a technical position statement on these for Dell engineering organization consumption

Requirements

  • Bachelor’s degree in Computer Science, Information Systems, or a related field

  • 5+ years of experience, specifically in Application Security, Security Operations, and Incident Response

  • In-depth knowledge of several security domains and understanding of relevant software lifecycle domains

  • Understanding of Security Development Lifecycle (SDL) practices such as threat modeling, security testing, code reviews, etc.

  • Experience in application security and code reviews are required

  • In depth knowledge of OWASP Top 10, CWE/SANS TOP 25 Most Dangerous Software Errors

  • In depth knowledge of CVSSv3 and CWE

Desired

  • Experience in security incident response is preferred

  • Experience in penetration testing is preferred

  • Experience in software development is preferred (C/C++, Java, Python)

  • SANS/GIAC, CSSLP certifications preferred

Benefits

We offer highly competitive salaries, bonus programs, world-class benefits, and unparalleled growth and development opportunities — all to create a compelling and rewarding work environment.

If you can ensure the highest level of security for our customers, this is your opportunity to develop with Dell.

Dell is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Dell are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Dell will not tolerate discrimination or harassment based on any of these characteristics. Learn more about Diversity and Inclusion at Dell here .