Cloud Application Security Specialist (CISSP, CSSLP, or GIAC)

At Citrix, we focus on a single driving principle: making the world’s apps and data secure and easy to access. Anywhere. At any time. And on any device or network. We believe that technology should be a great liberator. Freeing organizations to push the limits of productivity and innovation. Empowering people to work anywhere and at anytime. And giving IT the peace of mind that critical systems will always be accessible and secure.

The Citrix Cloud Services Group is looking for an experienced DevOps Security Specialist to assist in the management of Citrix Workspace Cloud. This role involves a variety of security activities ranging from the execution of a secure development lifecycle process, technical and risk analysis of potential product vulnerabilities and exploits. The candidate will have the opportunity to work on a range of products in Citrix technologies, and will be part of an emerging team influencing the future of Citrix. The ideal candidate will be a technically oriented security engineer with a proven track record in application level security analysis, including design, source code, binary level reviews, and have strong experience working with network appliance development teams. Additional desirable skills and experience include: commercial software development experience, specific technical knowledge of operating systems internals and security mechanisms, and hands-on experience building or executing a secure development process. The main focus of the candidate will be to work with Citrix Cloud Services teams and other security specialists to uphold the level of security in Citrix products. This will involve conducting detailed technical security analysis of specific components as well as working with engineering teams to provide general application security guidance and implementation in an automated fashion. Candidates may also be involved in several other aspects of the overall secure development process including incident response.

* Security analysis of product architecture, design, and implementation * Identification and analysis of potential security vulnerabilities * Identifying and driving longer term product and process improvements * Making technical and business recommendations to product teams * Analysis of customer or researcher reported security issues * Automating the implementation of Security best practices and software * Technical risk assessment * Driving Security incident response across all the product teams

* The ideal candidate will be a technically oriented security engineer with a proven track record in application level security analysis, including design, source code, binary level reviews, and have strong experience working with network appliance development teams. Additional desirable skills and experience include: commercial software development experience, specific technical knowledge of operating systems internals and security mechanisms, and hands-on experience building or executing a secure development process. * The main focus of the candidate will be to work with Citrix Cloud Services teams and other security specialists to uphold the level of security in Citrix products. This will involve conducting detailed technical security analysis of specific components as well as working with engineering teams to provide general application security guidance and implementation in an automated fashion. Candidates may also be involved in several other aspects of the overall secure development process including incident response. **Qualifications and Requirements** * Experience as a technical lead in several major software projects. * Detailed knowledge of common software vulnerabilities * Support of platform and customers on a 24x7 on-call basis * Proven ability to derive and apply creative attack techniques * Proven ability to analyze potential vulnerabilities to determine if an exploit is feasible * Experience deriving threat models or attack trees * Ability to identify and implement longer term product and process improvements * Ability to clearly and effectively communicate with engineers and management * Strong understanding of networking and related technologies and security risks * Strong understanding of common networking protocols: TCP, IP, UDP, HTTP, SSL, and IPSec * Demonstrated experience with fuzzing and penetration testing to find security issues in network appliances. * Detailed, low-level, technical knowledge of Windows, Unix, or Linux operating systems. * Bachelor’s degree in Computer Science or related field. **Desirable:** * CISSP, CSSLP, or GIAC certifications. * Hands on experience with networking technologies including: SSL acceleration, load balancing, WAN optimization, and QoS * Hands-on software development experience * Experience with PowerShell scripting, Chef or Puppet automation frameworks * Good understanding of Cloud based computing: Azure, AWS, PAAS, IAAS * Experience with static code or binary analysis tools * Demonstrated experience with applied cryptography