Senior Application Security Engineer
Natick, MA 
Share
Posted 13 days ago
Job Description
Job Description

About Us:

Cognex is the largest, most successful and recognized global player in industrial machine vision! We are a financially strong, international company with no debt and have been in business for over 40 years. Using advanced optics, image sensors and artificial intelligence software Cognex vision and ID systems capture an image then analyze it to make sense of what's being seen.We are deeply committed to fostering an inclusive and equitable work environment, guided by our "Work Hard, Play Hard, Move Fast" culture, which celebrates employee innovation, determination, and dedication in a dynamic, fun, and distinctive atmosphere.

We are working on a hybrid schedule, 3 days in the office, 2 at home.

The Role:

As a Senior Application Security Engineer, your role is to partner with product and application developers to establish best practices for secure software development life cycle (SDLC) at Cognex.

Your mission is to advise, source, implement, demonstrate and train Cognex's product and application development teams on the processes, procedures, tooling, and automation necessary to establish and mature the security of Cognex's SDLC and its products and applications.

Your expertise on secure design and code reviews, threat modeling, risk assessments, and software security testsis an essential value-add that will help establish a foundational doctrine throughout Cognex's development communities. Your ability to influence and drive adoption of best practices is crucial.

This position is based in Natick, Massachusetts and can accommodate remote work up-to two days per week.

Essential Functions:

  • Partner with Product and Applications teams to develop best practices and procedures that fulfil the control requirements of priority standards and certifications, including ISO 27001, IEC 62443, OWASP, NIST and others

  • In collaboration with Product and Application teams, lead, consult and participate in the research, proof of concepts, business cases, recommendations and decision facilitation, and implementation, including integration and training, for important new security tools and automation employed in Cognex's SDLC and CI/CD processes

  • Advise, demonstrate, train and participate in -best practices to establish and maintain secure architectures; designs and code reviews; threat models; risk assessments; control and security requirements generation

  • Consolidate, prioritize and report on control gaps as a result of audits, risk assessments, compliance assessments and a range of security tests including: pen-tests, vulnerability assessment, and static- and dynamic- application security tests, ensuring remediation plans are developed and implemented to reasonable timescales to ensure continuous improvement towards security certifications

  • Recommend, influence, and partner in the development and implementation of technical, operational and administrative controls relevant to Cognex's product and application development, operations and support

  • Advise and participate in security architecture and design review meetings.

  • Consult and occasionally perform security assessments of company products that may include vulnerability and risk assessments, threat analysis and security code reviews to identify potential design and implementation vulnerabilities

  • Advise on the design and development of security features for products including systems, applications and/or solutions

  • Champion and train product teams on methodologies for the determination of security requirements for new security features and updates into existing products to ensure that the security of products is maintained throughout the product lifecycle

  • Develop product security engineering recommendations and consult in the resolution of integration and testing issues

  • Review and define security diagnostics and tools to facilitate the analysis and reporting of security events

  • Detect and mitigate security risks, respond to product security incidents, and work with customers regarding product security related issues

Knowledge, Skills, and Abilities:

  • Demonstrated experience developing and implementing technical, operational and administrative security controls relevant to software development from ISO/IEC 27001, ISO 15408 Common Criteria, ANSI/ISA/IEC 62443 (Formerly ISA-99) and OWASP ASVS in a medium to large sized national or multi-national organization, ideally an organization with a significant hardware and software engineering component

  • Knowledge and experience in IT infrastructure engineering, security engineering, IoT Security, and/or software engineering

  • Knowledge and experience in software development and software development life-cycle (SDLC) processes

  • Knowledge and experience with SAST/DAST/Penetration security tools employed in software development, including Synopsys' Coverity and Blackduck, SonarQube, Veracode, Checkmarx, Reshift, Codacy, Gitlab, Tenable and Rapid7

  • Knowledge and experience with cloud environments and cloud-based development including Azure and AWS

Minimum Qualifications:

  • BS degree in Computer Science, or a related technical field, or equivalent practical experience

  • 5 years of experience in software / application development

  • 3 years of experience implementing/practicing security-oriented controls in the software development life-cycle process

  • 2 years of experience in application-level vulnerability testing and code-level security auditing

Preferred Qualifications:

  • MS in Computer Science or a related technical field

  • Relevant work experience in penetration testing or red teaming

  • Strong scripting experience in any major scripting language to automate as many parts of the environment as possible

  • Software development experience in C, Java, or Python.

  • Technical knowledge of security engineering, computer and network security, authentication, security protocols and applied cryptography

  • Security certifications are a plus

  • Certifications in software development and security

  • Self-motivated and results-oriented

  • Effective interpersonal and communication skills

Additional Job Description

Equal Employment Opportunity

Cognex is an equal opportunity employer. Cognex evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.

 

Job Summary
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Education
Bachelor's Degree
Required Experience
5+ years
Email this Job to Yourself or a Friend
Indicates required fields