Ingram Micro

Principal, Software Security Engineer (AppSec / DevSecOps)

Taguig City, Philippines
Job ID: 57887

Description

Ingram Micro touches 80% of the technology you use every day with our focus on Technology Solutions, Cloud, and Commerce and Lifecycle Solutions. With $50 billion in revenue, we have become the world’s largest technology distributor with operations in 64 countries and more than 35,000 associates.   

At Ingram Micro, we believe that Security must be part of our software DNA, delivered through SSDLC and DevSecOps. As Principal, Software Security Engineer, you will provide technical leadership to other team members and influence positive cross-organizational change in SSDLC and DevSecOps. If you are passionate about building a Culture of Security within Agile, CI/CD and DevSecOps, come join our team!

Position Summary 

  • Integrated Security SME within the SSDLC to ensure security is always included at every phase  
  • Perform application/software security risk assessments for custom developed code 
  • Gain deep insight into the software being developed to ensure security is part of the value chain 
  • Partner with the Cloud Security Operations Engineering Teams for frictionless release handoff within DevSecOps 
  • Lead application security reviews and threat modeling, including code review and dynamic testing 
  • Lead the delivery of the secure software delivery framework (SSDF) by building a security technical roadmap
  • Own and perform application/software security vulnerability assessments   
  • Lead in development of automated security testing to validate that secure coding best practices are being used   
  • Champion security recruiting activities with leadership 
  • Perform assessments of SDLC processes, guide and advise software development teams as SMEs in application security at every phase of the SSDLC  
  • Develop and deliver application/software security training and outreach to build security champions within the organization 

Job Qualifications:

Must Have Skills 

  • Strong coding skills in at least one of the following OO languages: Python, Java, C++, C#, .Net, Ruby, or any advanced web or mobile apps programming language to be able to target security weaknesses
  • Hands-on experience in secure code review or code review
  • Strong understanding and experience with common security libraries, security controls, and common security flaws (OWASP)
  • Strong experience working closely with developers within the SSDLC, leading secure software development projects and building an SSDF
  • Experience working in at least one of the cloud platforms like AWS, Azure, GCP

Nice To Have Skills

  • Experience working in Agile, DevSecOps framework with vulnerability assessment tools like SAST/SCA, or DAST
  • Be a subject matter expert (SME) of at least 1 technical area impacting the security software
  • Proven experience with threat modeling as well as software security risk assessment, converting the data into threat reports and action plans
  • Experience or knowledge in any APIs/API Protocols like REST, SOAP
  • Strong integration and automation skills via APIs like REST
  • Experience in delivering large-scale distributed systems 
  • Ability to take a project from scoping requirements through actual launch of the project  
  • Experience in communicating with users, other technical teams, and management to collect requirements, describe software features, and technical designs  
  • Experience translating design mockups and prototypes into working application designs 
  • Experience with standards, frameworks, and certifications such as NIST SSDF, OWASP Top 10 and ASVS, BSIMM, ISO27034, ISO27001, CSA STAR, SOC2 and PCIDSS

 

Education & Experience 

  • Four-year degree in software or security engineering or related field    
  • Minimum 8 years of experience in software development and/or security, including a minimum of 5 years of experience including offensive security, software development, application security
  • Preferred Certifications: CSSLP, CSDP, CEH, CISSP, CCSP, OSCP, OSWE, GPEN, GXPN 

Other Information 

  • Pass a background check 
  • Pass a proficiency exam related to the role 

 
