Job
Description
Job Description Objective LabVantage Solutions is an industry leading provider of laboratory software products. Our products enable scientists and analysts across the globe to develop novel solutions, work effectively, and meet regulatory compliance. LabVantage solution is an OLTP system based on RDBMS platforms, including Oracle, SQL Server, and EDB (Postgres managed DB for our SaaS solution). This position plays a key role in the development and security of LabVantage Solutions software. The individual will be responsible for monitoring and analyzing security vulnerabilities, conducting risk assessments, and implementing security measures. They will ensure secure coding practices, perform security testing, and collaborate with DevOps to integrate security into the development lifecycle. The Security Engineer must have a solid understanding of core Java concepts such as imports, inheritance, and class conflicts, and should be capable of making necessary code changes. They will be responsible for identifying potential risks to LabVantage and recommending appropriate mitigation strategies, including suppression, smoke testing, soak testing, or limited regression. Role Responsibility Review and Monitor CVEs: Continuously monitor Common Vulnerabilities and Exposures (CVEs) to identify potential threats and vulnerabilities. Penetration Test Analysis: Analyze penetration test reports to understand vulnerabilities and recommend remediation steps. Dependency and Third-Party Software Management: Assess and manage dependencies and third-party software for security risks. Risk Assessment and Mitigation: Conduct risk assessments and develop mitigation strategies to address identified vulnerabilities. Static and Dynamic Analysis: Use tools for static and dynamic code analysis to detect vulnerabilities and ensure code quality. Integration with DevOps: Work closely with DevOps teams to integrate security into the CI/CD pipeline, ensuring automated and continuous security checks. Threat Modeling: Perform threat modeling to identify potential security threats and design countermeasures during the product design phase. Security Testing: Conduct various types of security testing, such as penetration testing, to identify and address vulnerabilities in the product. Security Requirements: Define and enforce security requirements for new features and products to ensure they meet the organization's security standards. Job Qualifications 5+ years of experience in information security, including roles as a Security Analyst and/or Security Engineer. Experience with secure coding practices, code reviews, and security testing. Experience with static and dynamic code analysis tools. Experience with CI/CD pipelines and integrating security into DevOps processes. Certifications: Relevant certifications such as CISSP, CEH, OSCP, or similar. Skills Strong understanding of security principles, protocols, and best practices. Proficiency in security tools and technologies (e.g., Wiz, SonarQube, vulnerability scanners). Knowledge of regulatory requirements and industry standards (e.g., GDPR, ISO 27001, SOC2). Familiarity with the OWASP Top 10 vulnerabilities and mitigation strategies Understanding of NIST cybersecurity standards and frameworks (e.g., NIST CSF, NIST SP 800-53) Strong communication and collaboration skills. Interested candidates apply!
