Cognex is the largest, most successful and recognized global player in industrial machine vision! We are a financially strong, international company with no debt and have been in business for over 40 years. Using advanced optics, image sensors and artificial intelligence software, Cognex vision and ID systems capture an image and then analyze it to make sense of what is being seen. We are deeply committed to fostering an inclusive and equitable work environment, guided by our "Work Hard, Play Hard, Move Fast" culture, which celebrates employee innovation, determination, and dedication in a dynamic, fun, and distinctive atmosphere.
We are working on a hybrid schedule, 3 days in the office, 2 at home.
As a Senior Application Security Engineer, your role is to partner with product and application developers to establish best practices for secure software development life cycle (SDLC) at Cognex.
Your mission is to advise, source, implement, demonstrate and train Cognex's product and application development teams on the processes, procedures, tooling, and automation necessary to establish and mature the security of Cognex's SDLC and its products and applications.
Your expertise in secure design and code reviews, threat modeling, risk assessments, and software security testing is an essential value-add that will help establish a foundational doctrine throughout Cognex's development communities. Your ability to influence and drive adoption of best practices is crucial.
This position is based in Natick, Massachusetts and can accommodate remote work up-to two days per week.
Partner with Product and Applications teams to develop best practices and procedures that fulfil the control requirements of priority standards and certifications, including ISO 27001, IEC 62443, OWASP, NIST and others
In collaboration with Product and Application teams, lead, consult and participate in the research, proof of concepts, business cases, recommendations and decision facilitation, and implementation, including integration and training, for important new security tools and automation employed in Cognex's SDLC and CI/CD processes
Advise, demonstrate, train and participate in best practices to establish and maintain secure architectures; design and code reviews; threat models; risk assessments; and control and security requirements generation
Consolidate, prioritize and report on control gaps identified by audits, risk assessments, compliance assessments and a range of security tests, including penetration tests, vulnerability assessments, and static and dynamic application security testing, ensuring remediation plans are developed and implemented on reasonable timescales for continuous improvement toward security certifications
Recommend, influence, and partner in the development and implementation of technical, operational and administrative controls relevant to Cognex's product and application development, operations and support
Advise and participate in security architecture and design review meetings.
Consult and occasionally perform security assessments of company products that may include vulnerability and risk assessments, threat analysis and security code reviews to identify potential design and implementation vulnerabilities
Advise on the design and development of security features for products including systems, applications and/or solutions
Champion and train product teams on methodologies for the determination of security requirements for new security features and updates into existing products to ensure that the security of products is maintained throughout the product lifecycle
Develop product security engineering recommendations and consult in the resolution of integration and testing issues
Review and define security diagnostics and tools to facilitate the analysis and reporting of security events
Detect and mitigate security risks, respond to product security incidents, and work with customers regarding product security related issues
Knowledge, Skills, and Abilities:
Demonstrated experience developing and implementing technical, operational and administrative security controls relevant to software development from ISO/IEC 27001, ISO 15408 Common Criteria, ANSI/ISA/IEC 62443 (Formerly ISA-99) and OWASP ASVS in a medium to large sized national or multi-national organization, ideally an organization with a significant hardware and software engineering component
Knowledge and experience in IT infrastructure engineering, security engineering, IoT Security, and/or software engineering
Knowledge and experience in software development and software development life-cycle (SDLC) processes
Knowledge and experience with SAST, DAST and penetration-testing tools employed in software development, including Synopsys' Coverity and Black Duck, SonarQube, Veracode, Checkmarx, Reshift, Codacy, GitLab, Tenable and Rapid7
Knowledge and experience with cloud environments and cloud-based development including Azure and AWS
BS degree in Computer Science, or a related technical field, or equivalent practical experience
5 years of experience in software / application development
3 years of experience implementing/practicing security-oriented controls in the software development life-cycle process
2 years of experience in application-level vulnerability testing and code-level security auditing
MS in Computer Science or a related technical field
Relevant work experience in penetration testing or red teaming
Strong scripting experience in any major scripting language to automate as many parts of the environment as possible
Software development experience in C, Java, or Python.
Technical knowledge of security engineering, computer and network security, authentication, security protocols and applied cryptography
Certifications in software development and security are a plus
Self-motivated and results-oriented
Effective interpersonal and communication skills
Equal Employment Opportunity
Cognex is an equal opportunity employer. Cognex evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.