Publishing Services, a subsidiary of Agora Inc., helps to make up the largest privately held publishing group in the United States. These affiliated publishers are focused on developing publications and products that help individuals manage their own financial investments, travel, and health. The Publishing Services team is currently in need of an Information Security Software Engineer. This position will report directly to the director of information security. Primary job duties will be to work on the analysis and remediation of various application security scan results. Additional duties will be to assist the information security director on various security initiatives throughout the company: identifying security issues and risks, developing mitigation strategies, fostering security-focused tools and training programs, and participating in tier 2/3 security operations support and incident handling.
The ideal candidate will have a solid understanding of programming languages and secure programming practices, as well as a broad understanding of information security concepts and technologies. In addition, this candidate will have the ability to self-start and work independently.
- 5 years working in Development or Information Security
- Strong background in Web Application security, Web Application firewalls, DNS, firewalls, Web Application vulnerability testing and auditing.
- Knowledge of security engineering, system and network security, authentication protocols
- Knowledge of cryptography
- Knowledge of authentication protocols.
- Experience securing WordPress or other CMS platforms
- Experience using and analyzing scan results from dynamic and static code analysis tools
- Scripting skills (Perl, Python, Bash, PowerShell)
- Additional programming languages are a plus
- Experience with implementing identity management platforms
- GSSP-JAVA, or a comparable software security certification
- Ability to lead and manage projects
- Familiarity with Linux distributions
- Debugging compiled applications with tools such as OllyDbg, IDA Pro, etc.
- Experience with networking, CCNA, routing protocols (BGP), etc.
- Experience with SIEM solutions
- Experience with PCI-DSS
- Participation in various bug bounty programs.