Sr. Security Software Engineer

Job Description

Job Summary

Effectv Software Engineering team has embarked on a cultural transformation towards enabling our engineering development teams to build-security-in rather than having security-bolted-on, an approach we refer to as DevSecOps. As part of the transformation, we are building a high performing security software team to build security and privacy into our new Next Gen Platform and other systems. This Senior Software Security Engineer position will be a key contributor towards this cultural transformation. If this position excites you, we look forward to speaking with you. The key goals of this position are: • Enable Development teams to take ownership of their application security by supporting the teams to adhere to the Comcast DevSecOps and other Security practices and supporting / performing SDL assessments • Build security into the enterprise architecture by working with the architects, other security engineers and Dev teams • Plan, design and build new security software solutions using programming languages like Python, Java, C# etc.; Analyze, test and assist with the integration of existing security solutions • Collaborate with teams and vendors to automate and integrate security processes and solutions into CI/CD pipelines • Enhance source code analysis tools (SAST/DAST/IAST) including configuration and operation of tools and helping with evaluation of new tools • Collaborate with Comcast Security teams to build and implement Cloud Security and Data Security solutions • Design, implement and perform security testing to improve the security posture of the engineering organization • Ensure Development teams comply with the Comcast Cyber Security Standards by working in conjunction with other Security teams • Contribute to the security knowledge base and document development activities

Job Description

Core Responsibilities

• Works with the architects to ensure that security is built into enterprise architecture including implementation of secure design patterns (On-Prem and Cloud) and p roviding engineering designs to mitigate security vulnerabilities in new software solutions
• Strong programming/scripting experience in languages like Java, C#, Python, Go etc.to design & build new security software solutions and integrate with existing security solutions
• Coach development teams in learning how to develop secure code
• Advise teams on implementing security tools and CI/CD processes and help automate and integrate security solutions into CI/CD pipelines (e.g. Concourse, Azure DevOps etc.)
• Address security risk and advocate appropriate DevSecOps practices to improve end to end secure delivery practices by working closely with development teams
• Collaborate with teams and vendors to implement source code analysis tools including configuration and operation of tools such as WhiteSource, Contrast, Checkmarx etc. and helping with evaluation of new tools
• Be a trusted automation and tooling advisor for DevSecOps initiatives by providing objective, practical and relevant ideas, insights and advice
• Work with the Comcast Cybersecurity team to perform DevSecOps / SDL assessments of teams against the Comcast SDL practices
• Collaborate with Comcast Security teams to build and implement Cloud Security and Data Security solutions
• Influence culture change resulting in a shift-left and security-by-design movement by building relationships with development teams, security teams & business stakeholders
• Design, implement and perform security testing programs including white box testing as well as code reviews for improving software security
• Develop training & awareness programs, evangelizing security through internal and external events
• Maintaining technical documentation related to software security
• Design solutions to enable issue tracking, metrics, and reporting to support planning, compliance, and remediation activities
• Staying updated with latest tools and advanced industry practices for software security
• Coach/Mentor/Consult with team members to follow secure coding practices
• Proven work experience as a security software engineer
• Application security development experience with Windows and Linux based applications
• Strong programming/scripting experience in languages like Java, C#, Python, Go etc.
• Experience with development of CI/CD pipelines and integrating security processes using tools such as Jenkins, Concourse etc.
• Experience in cloud providers such as AWS, Azure etc. specifically in implementing cloud security design patterns
• Experience using configuration management tools such as Ansible and infrastructure-as-code tools like Terraform a plus
• Working knowledge of GIT, JIRA, Jenkins, Docker, Puppet, Chef, other Agile CI/CD and project management tools and Kanban boards
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
• Experience with OWASP Secure Coding Practices
• Experience with developer oriented (as opposed to infrastructure oriented) automated security testing tools
• Experience with security testing including Whitebox penetration testing as well as code reviews for improving the software security
• Certifications like Certified Cloud Security Professional (CCSP), Certified Secure Software Lifecycle Professional (CSSLP) a plus
• Collaborates with project stakeholders to identify security requirements. Conducts analysis to determine integration needs.
• Oversees the researching, writing and editing of documentation and technical requirements, including software security designs, evaluation plans, test results, technical manuals and formal recommendations and reports.
• Keeps current with technological developments within the software security domain. Monitors and evaluates competitive applications and products. Reviews literature, patents and current practices relevant to the solution of assigned projects.
• Collaborates with project stakeholders to identify product and technical requirements. Conducts analysis to determine integration needs.
• Designs new software and web applications, supports applications under development and customizes current applications. Develops software update process for existing applications. Assists in the roll-out of software releases.
• Trains junior Software Development Engineers on internally developed software applications.
• Oversees the researching, writing and editing of documentation and technical requirements, including evaluation plans, test results, technical manuals and formal recommendations and reports.
• Keeps current with technological developments within the industry. Monitors and evaluates competitive applications and products. Reviews literature, patents and current practices relevant to the solution of assigned projects.
• Provides technical leadership throughout the design process and guidance with regards to practices, procedures and techniques. Serves as a guide and mentor for junior level Software Development Engineers.
• Assists in tracking and evaluating performance metrics. Ensures team delivers software on time, to specification and within budget.
• Works with Quality Assurance team to determine if applications fit specification and technical requirements.
• Displays expertise in knowledge of engineering methodologies, concepts and skills and their application in the area of specified engineering specialty.
• Displays expertise in process design and redesign skills. Presents and defends architectural, design and technical choices to internal audiences.
• Consistent exercise of independent judgment and discretion in matters of significance.
• Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) and overtime as necessary.
• Other duties and responsibilities as assigned.

Employees at all levels are expected to:

• Understand our Operating Principles; make them the guidelines for how you do your job.
• Own the customer experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services.
• Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences.
• Win as a team - make big things happen by working together and being open to new ideas.
• Be an active part of the Net Promoter System - a way of working that brings more employee and customer feedback into the company - by joining huddles, making call backs and helping us elevate opportunities to do better for our customers.
• Drive results and growth.
• Respect and promote inclusion & diversity.
• Do what's right for each other, our customers, investors and our communities.

Disclaimer:

• This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications.

Comcast is an EOE/Veterans/Disabled/LGBT employer.

Comcast is proud to be an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other basis protected by applicable law.

Education

Bachelor's Degree

While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience.

Relevant Work Experience

7-10 Years

Salary:

National Pay Range: $90,653.58 USD-$212,469.33 USD

Comcast intends to offer the selected candidate base pay within this range, dependent on job-related, non-discriminatory factors such as experience.

Base pay is one part of the Total Rewards that Comcast provides to compensate and recognize employees for their work. Most sales positions are eligible for a Commission under the terms of an applicable plan, while most non-sales positions are eligible for a Bonus. Additionally, Comcast provides best-in-class Benefits. We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That’s why we provide an array of options, expert guidance and always-on tools, that are personalized to meet the needs of your reality – to help support you physically, financially and emotionally through the big milestones and in your everyday life. Please visit the compensation and benefits summary on our careers site for more details.

Salary:

National Pay Range: $90,653.58 USD-$212,469.33 USD

Comcast intends to offer the selected candidate base pay within this range, dependent on job-related, non-discriminatory factors such as experience.

Base pay is one part of the Total Rewards that Comcast provides to compensate and recognize employees for their work. Most sales positions are eligible for a Commission under the terms of an applicable plan, while most non-sales positions are eligible for a Bonus. Additionally, Comcast provides best-in-class Benefits. We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That’s why we provide an array of options, expert guidance and always-on tools, that are personalized to meet the needs of your reality – to help support you physically, financially and emotionally through the big milestones and in your everyday life. Please visit the compensation and benefits summary on our careers site for more details.