Senior Manager, Application Security
Irvine, CA

Job Description

Job Description:

Job Summary (General Responsibilities):

The Manager, Application Security is a critical member of the Application Security and Software Engineering teams. They will be responsible for identifying security vulnerabilities in hardware, software, cloud, and embedded firmware of pre-release products, post-release updates, 3rd party code, and server environments. They will participate in evaluation of security tools, identification, evaluation, and selection of technologies to continually improve product security. They will be working on networking devices, cameras, home automation and other IoT products from Belkin, Linksys, and Wemo.

Specific responsibilities include:

* Assess and recommend defensive measures to protect environments through commercial, open-source, or custom built tools
* Develop, adapt and enhance Cloud Security infrastructure patch management
* Perform security audits of products under development including hardware, firmware, software and mobile applications
* Participate in the development of secure coding policies, procedures, and standards including tests to be executed before and after code commits
* Participate in training developers on secure coding and remediation techniques
* Evaluate protocols, libraries, and technologies that are being considered for use in our products and make recommendations and collaborate with developers on which ones to implement and how to implement them securely
* Monitor emerging trends in offensive and defensive security techniques and proactively work to improve Belkin and Linksys products
* Participate in product specification and architecture planning to ensure that security requirements are identified early on for all projects
* Ability to script in Bash, Ruby, Python or some other easily applied scripting language
* Create security test cases and automation in python for all known vulnerabilities so they can be used to prevent other products from having similar issues
* Work with partners/vendors to audit SDKs, improve security testing, and secure product design
* Complete threat modeling and identify security gaps and paths of potential exploitation
* Provide audit status and reports to stakeholders with the ability to balance secure principles and potential exploitation with business needs
* Participate as a technical resource in Product Security Incident Response Team (PSIRT) evaluation and Root Cause Analysis (RCA) of vulnerabilities/exploits sent from external sources
* Fulfill responsibilities under ISO 9001 and 14001; understand and fully support IS0 system.
* Comply with Health and Safety requirements of Belkin.
* Maintain a safe and clean work environment.
* Understand and follow company rules and regulations.
* Perform all other duties as assigned and required.

Education and Experience Requirements:

* BS in Computer Science or equivalent work experience required
* Minimum of 5 years of applied experience working in the Network Security, Mobile Application Security, Cloud Security or Embedded Security required
* Minimum of 5 years of experience in Linux administration, scripting, and command line configuration and utilities required
* In-depth knowledge of web technologies, protocols, web services, and interfaces required
* Applied experience in Jira/Confluence or other defect management systems required
* Knowledge of penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc. required
* Expertise in one or more of the following: Python, Ruby, JS, or Bash
* CISSP and CSSLP Certification preferred
* Previous experience securing servers in Amazon AWS deployments or similar environments
* Deep understanding of the Vulnerability Management process and experience remediating server and OS
* Experience with Firewall, IDS/IPS, WAF (Web Application Firewall) preferred
* Experience with hardware exploitation and physical hardware alteration preferred
* Penetration testing experience with cloud, embedded Linux, or mobile applications (iOS or Android) preferred
* Work experience with common security tools for recon, exploitation, and validation
* Understanding of reverse engineering techniques and experience with tools such as binwalk, FMK and IDAPro/GDB preferred
* In-depth understanding of secure coding techniques
* Experience developing in Java, C, C++, C#, or Objective C preferred
* Excellent analytical and problem-solving skills
* Strong communication and interpersonal skills is required
* Drive for continuous learning and discovery
* Independent, self-managed, and motivated with HIGH ethics - White Hats only…
* Proven track record of success (such as CVE's filed, Certifications and applied expertise directly relating to those Certifications, etc.)

What you're getting into

We've got big collaborative spaces for your big ideas, so bring an open mind and leave your suit in the closet. We all are committed to creating unique and rewarding consumer experiences. Everyone is interested in succeeding - for the team, for themselves and for the business. Cross-functionally and across the company, everyone has common goals and aspires to be their best.

You will learn something new or at least look at things differently every day. There are so many smart and creative people around that you'll be motivated to pursue the ideal.

Team spirit is infectious. Belkin is an extremely open workplace, where communication is essential. Not every idea will be accepted, but you'll be asked for your point of view. Innovation thrives on multiple and varied levels. At Belkin we challenge conventional wisdom and refuse to accept that something cannot be done.

We are committed to diversity. Belkin is an Equal Opportunity and Affirmative Action Employer M/F/D/V. We maintain a drug-free workplace.

All candidates applying for a job in the EMEA region, please review the Applicant Privacy notice HERE

Location:Irvine, California