IS Security Developer

Company: Cooley
Location: Palo Alto
Posted on: June 8, 2021

Job Description:

IS Security Developer

Cooley is seeking a IS Security Developer to join the IS Architecture and Security team.

Position summary: Cooley Information Services (IS) embraces a culture of customer service excellence and all members of the department are expected to move this agenda forward. To that end, the IS Security Developer is expected to recognize that the Cooley IS department is a service organization first and foremost and will be evaluated on this requirement equal in importance to the technical or operational responsibilities outlined later in this document.

The IS Security Developer is an advanced role to help support, secure, manage and deploy solutions that support business objectives. The role is highly technical, and candidates must possess a solid understanding of information security, infrastructure, software and various operating systems. The IS Security Developer will work with all IS teams to ensure systems are developed and architected to meet the firm's security standards. Specific duties and responsibilities include, but are not limited to, the following:

Position responsibilities:

• Supervise testing and validation in application security controls across projects

• Oversee implementation of red team practices and defensive countermeasures across infrastructure and applications

• Assess security tools and integrate tools as needed

• Identify vulnerabilities in code through automated/manual assessments

• Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business

• Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors as well as workarounds

• Join forces and provision security principles in architecture, infrastructure and code

• Regularly research and learn new tactics, techniques and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary

• Design, engineer, deploy, and maintain custom automation security products

• Build security tooling and automation in support of the firm's SOAR efforts

• Define and own metrics and key performance indicators to determine the effectiveness of the Security Automation program

• Educate other developers/team members on secure coding best practices

• Enhance alerts by programming automation of log and alerting systems through programing new queries, dashboard and reports in security systems

• Use problem management to drive continuous improvement in incident processes and identify/share best practices across the incident response teams

• Develop automated security testing to validate that secure coding best practices are being used

• Guide, advise, and assist product development teams as SMEs in the area of application security

• All other duties as assigned or required

Skills and experience:

Required:

• Ability to work extended and/or weekend hours, as required

• Ability to travel, as required

• Previous experience on a Security Operations, Software Development, or Automation team

• Scripting/coding experience with one or more languages - Python, Ruby, JSON

• Experience work with SOAR tools, security product APIs, and developing code for security automation efforts

• Understanding of the DevSecOps model

• Experience with infrastructure as code processes and tools

• Experience with OWASP, static/dynamic analysis, and common exploit tools and methods

• An understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)

• Familiarity with cloud security controls and best practices

• 4+ years of relevant work experience in information services/cyber security/information governance

• Required to participate in a 7x24 on-call rotation

Preferred:

• Familiarity with Python, JSON queries

• Good communication and documentation skills

• Experience with SQL

• Knowledge of Linux tools/architecture and logging systems

• Experience with Microsoft Azure, O365, and M365

• Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SLDC)

Cooley offers a competitive compensation and excellent benefits package. EOE.

Pursuant to the Colorado Equal Pay For Equal Work Act, please find the compensation range specific to this role if based in CO, as well as a description of bonus and benefits generally applicable across all US offices.

• Colorado pay range for this role, with final offer amount dependent on skillset and experience: $115,000- $140,000.

• Other compensation may include an annual discretionary merit bonus.

• Employees in this role will have the option to elect various benefits, including medical, dental, vision, accidental death and dismemberment, life insurance, dependent life insurance, long term disability, long-term care insurance, health savings accounts (if enrolled in an HDHP), health/dependent care spending accounts, 401(k) and profit sharing.

• Other benefits include PTO and the option to participate in our tuition reimbursement program and wellness program, which includes fitness reimbursement each year.

Keywords: Cooley, Palo Alto , IS Security Developer, Other , Palo Alto, California