Software Security Engineer

Our passion for improving quality of life through geography is at the heart of everything we do. Esri’s geographic information system (GIS) technology inspires and enables governments, universities, and businesses worldwide to save money, lives, and our environment through a deeper understanding of the changing world around them. Carefully managed growth and zero debt give Esri stability that is uncommon in today's volatile business world.

* Are you an experienced software developer who craves more variety in your work? In this role, you'll work with development teams to design and build secure solutions, participate in and coordinate penetration testing activities, and generally solve security challenges at massive scale. You will ensure that our services, applications, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, and quickly reacting to new threat scenarios. Bottom line, you love to write/read cod and have a strong curiosity in exploring and testing software with unintended use cases and improving the ability of software to withstand attacks.

* Read and understand (debug) code written by others, enabling ability to troubleshoot and determine a root cause * Provide significant secure coding contributions to multiple groups throughout Esri, including the software security team * Develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices * Foster constructive dialogue and seek resolution when confronted with discordant views * Participate fully in the planning of the software security team's work and constantly seek opportunities for process improvement * Become a sought-out security resource while having an understanding of the application of information security in a broad range of technical areas * Utilize a combination of troubleshooting, technical, and communication skills to handle a mix of disparate tasks which may include project and software development work * Perform application security reviews and penetration testing as well as project/research work as needed * Lead security training and outreach to internal development teams * Provide security guidance documentation and security tool development; facilitate delivery and improvement of security metrics

* Minimum of two years of experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration, and network security * Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”) * Intermediate knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security * Knowledge of relational databases such as SQL Server, Oracle, PostgreSQL, or DB2 * Experience with various platform architectures including server, desktop, mobile, Linux, and Windows * Experience developing middleware software components using core Java, Servlets, JSP, EJBs * Proficient with development frameworks and languages (e.g., Java, C/C++, .NET, C#, Python, Perl, Objective C, Swift, etc.) and in writing secure code * Experience developing code in a popular Java IDE, i.e. Eclipse/IntelliJ IDEA * Fundamental understanding of web services including SOAP and REST * Bachelor's in computer science or related field, or equivalent work experience