Secure Development Engineer
Posted on: April 18, 2019
Are you data-driven? We at NetApp believe in the transformative
power of data - to expand customer touchpoints, to foster greater
innovation, and to optimize operations. We are designed for
simplicity, optimized to protect, created to embrace future
opportunity, and open to enrich choice. We are the data authority
for hybrid cloud, and we are helping our customers realize the full
potential of their data.
We've built a Data Fabric for a data-driven world - to simplify and
integrate data management across the resources that are best for
the business. With the Data Fabric, our customers can harness the
power of cloud data services, build cloud infrastructures, and
modernize storage through data management.
By modernizing storage through data management, customers can
upgrade infrastructure to bring modern data services to existing
applications. Only NetApp can help organizations free the resources
necessary to fund transformation by deploying the industry's
leading flash storage solution, which is highly efficient and
scalable in both data center and cloud environments.
As a Secure Development Lifecycle (SDL) Engineer you will take an
active role in a cross-functional team, focused on determining
requirements, architecture, design, and guiding the implementation
of multiple product security assurance initiatives. You will plan,
lead, manage, and track the application and compliance of
secure development lifecycle activities across NetApp's product
portfolio. This is a challenging position working in a very
fast-paced environment, with the opportunity to work collaboratively
with like professionals in the Product Security, Engineering,
Marketing, Operations, Legal, Testing and Global Services
functions, and to positively influence greater business
The Secure Development Lifecycle Engineer coordinates NetApp
Technology Groups during the product lifecycle, ensuring security
checkpoints are understood and completed. The role involves working
with others who have a varying level of understanding of product
security and how it impacts their functions. A successful candidate
will be able to relate secure development to all levels of
experience from senior leadership to entry-level engineers. The job
requires the handling of sensitive information and requires
exceptional judgment to protect company and customer interests.
* Define, commit, and track secure development lifecycle activities
across the entire product development organization.
* Continually work to improve application security through new
and adjusted methodology and tooling.
* Coordinate with engineers, serve as a project lead, and/or
recognized as an expert in secure design, development, and
* Perform technical security assessments including threat modeling,
attack surface analysis, security baseline analysis, security
requirements/architectural review, code review, and final security
reviews and recommendations.
* Identify and communicate project scope and ensure program
milestones and objectives are met.
* Keep management informed of key issues and changes which may
impact expected business results.
* Ensure that projects adhere to efficient processes and initiate
process and tooling improvements as needed.
* Provide recommendations on remediation approaches that strike the
right balance across business deliverables.
* Assist with other tasks as needed, including maintenance of
internal development tools for Product Security and Product
Security Incident Response (PSIRT).
* Excellent written and verbal communication skills.
* Experienced in most aspects of a Secure Development Lifecycle,
including: code review, Software Composition Analysis (SCA),
detecting and mitigating common weaknesses (OWASP Top 10), static
analysis security testing (SAST), web app scanning (DAST),
vulnerability scanning, fuzzing, threat modeling, and architectural
* Penetration testing experience is desirable.
* Experience in storage (block/file/object), databases, or other
distributed systems is highly desirable.
* Strong understanding of common networking protocols (e.g. TCP/IP,
Ethernet, DNS, HTTP, TLS).
* Proven experience in working collaboratively and leading
engineering teams in secure software development.
* Strong understanding of third-party and open source software
integration and usage methodology.
* Minimum 2 years of software development experience in 1 or more
of: C, C++, C# & Java. Must be well-versed in common security
patterns and vulnerabilities in these languages.
* Development skills in one or more interpreted languages
* Knowledgeable in common software patterns, data structures &
algorithms, and development methodologies. Proven ability to
quickly pick up new languages, frameworks, and codebases.
Typically requires a minimum of 5 years of related experience with
a Bachelor's degree; or 3 years and a Master's degree; or a PhD
without experience; or equivalent work experience.
* A minimum of 4 years of experience is required. 5 to 7 years of
experience is preferred.
* A Bachelor of Science Degree in Engineering or Computer Science,
a Master's Degree, or a PhD; or equivalent experience is
* Demonstrated ability to have led and completed multiple complex
* OSCP is highly desirable
So get ready to tap into the data visionary within, and join us as
we accelerate digital transformation and empower our customers to
change the world with data!
If you ask a NetApp employee why they work here, the answer is
inevitably the same: the people. At NetApp, our culture is at the
heart of what we do. We place importance in trust, integrity,
teamwork, and caring above all else. NetApp is a place where people
are empowered to make a difference. Empowered to innovate.
Empowered to collaborate. Empowered to help ourselves and others be
data-driven and change the world. We take care of each other, our
customers, our partners, and our communities simply because it's
the right thing to do.
We work hard but also recognize the importance of work-life balance
for our employees because what's important to them is important to
us! Recently we implemented Family First, which encourages
employees to take paid time off to bond with a new child (through
birth or adoption) or to care for a family member with a serious
health condition. Our volunteer time off program is best in class,
offering employees 40 hours of paid time off per year to donate
their time with their favorite organizations. We provide
comprehensive medical, dental, wellness and vision plans for you
and your family. We offer educational assistance, legal services,
and access to discounts and fitness centers. We also offer
financial savings programs to help you plan for your future.
Join us and see what empowerment can do.
Equal Opportunity Employer Minorities/Women/Vets/Disabled
Keywords: NetApp, Durham, Secure Development Engineer, Engineering, Durham, North Carolina