Sr. Software Security Engineer (AppSec / DevSecOps)

Description

Ingram Micro touches 80% of the technology you use every day with our focus on Technology Solutions, Cloud, and Commerce and Lifecycle Solutions. With $50 billion in revenue, we have become the world’s largest technology distributor with operations in 64 countries and more than 35,000 associates.    

At Ingram Micro, we believe that Security must be part of our software DNA, championed and delivered through SSDLC and DevSecOps.  As a Sr. Software Security Engineer, you will work closely with the development teams and Security Operations Team to verify that our applications satisfy the defined security criteria, supporting the organization on the secure design of our global supply-chain platform, conducting reviews of the developed applications, while improving the automation of security in our development lifecycle. 

Position Summary

• Focus on developing and maintaining home-grown applications to support security engagement within the SSDLC  
• Consult with development teams to implement sound SSDLC practices along with coding, data engineering and security services integration / automation following NIST SSDF, OWASP ASVS and BSIMM 
• Active participation in proof-of-concept implementations to test and assess off-the-shelf and home-grown technologies to address SSDLC, DevSecOps compliance with SOX, PCI, ISO27001    
• Work with security team members to manage the day-to-day development activities, participate in designs, design review, code review, and implementation  
• Mentoring other developers for Secure Coding practice
• Maintaining current technical knowledge to support rapidly changing technology, look out for new technologies and work with the team in bringing in new technologies 

Job Qualifications

Must Have Skills  

• Strong coding skills in at least one of the following OO languages: Python, Java, C++, C#, .Net, Ruby, or any advanced web or mobile apps programming language
• Hands-on experience in source code reviews
• Experience or knowledge in SSDLC process
• Experience working in at least one of the cloud platforms like AWS, Azure, GCP

Nice To Have Skills

• Experience with Agile, DevSecOps frameworks and technologies including SAST or DAST
• Experience in Web/Mobile Application Security with hands-on in secure coding or secure coding reviews 
• Experience or knowledge in any APIs/API Protocols like REST, SOAP
• Strong integration and automation skills via APIs like REST
• Experience in delivering large-scale distributed systems 
• Ability to take a project from scoping requirements through actual launch of the project  
• Experience in communicating with users, other technical teams, and management to collect requirements, describe software features, and technical designs  
• Experience translating design mockups and prototypes into working application designs 

Education & Experience 

• Four-year degree in software or security engineering or related field   
• Minimum of 5 software development experience preferred in cyber security/AppSec
• Preferred Certifications: CSSLP, CSDP, CEH, CISSP, CCSP, OSCP, OSWE, GPEN, GXPN