Software Security Engineers plan and manage the evaluation of software processes from a security perspective. They identify, propose, and initiate software process improvement activities within the organisation, devising solutions. They take action to exploit opportunities that will have a measurable effect on operational effectiveness, with associated benefits to the business. They promote the benefits of addressing security during system development and apply secure development improvement practices.
Application development is the design, creation, testing and documenting of new and amended programs from supplied specifications in accordance with agreed standards. The Software Security Engineer provides advice, assistance and leadership in improving the quality of software development, by focussing on software security. They facilitate improvements by changing approaches and working practices, typically using recognised models such as the Building Security In Maturity Model (BSIMM).
Software Security Engineers plan and manage the evaluation of software processes from a security perspective. They Identify, propose, and initiate software process improvement activities within the organisation, devising solutions. They take action to exploit opportunities that will have a measurable effect on operational effectiveness, with associated benefits to the business. They promote the benefits of addressing security during system development and apply secure development improvement practices.
Software Security Engineers are most often experienced senior level developers with a broad range of technical experience, rounded design skills, commitment to quality and an understanding of project management techniques, but with a specialism in Software Security
The ideal candidate will have the following skills and capabilities:
• A very strong focus on software security gained from hands on experience of developing applications.
• A good understanding and familiarity with the full software development lifecycle and different software development models; will have experience of developing software using prescribed methods, processes and standards.
• Able to document processes and standards clearly and concisely and communicate those processes and standards to development teams.
• Familiarity with Agile techniques in order to maximise their usage and benefit across the lifecycle.
In depth experience of tools supporting the development.
• In depth understanding of unit testing, automated unit testing and test driven development.
• In depth understanding and experience of estimation techniques and processes in both an agile and waterfall environment.
• Good interpersonal communication skills with an ability to interpret and present information to a variety of recipients using suitable modes of communication.
• Able to demonstrate a high level of professionalism, organisation, self-motivation and a desire for self-improvement.
• An understanding of good team practice and the ability to work with and influence others sharing knowledge/experience when appropriate.
• The desire and ability to seek up to date information from elsewhere and apply this in relation to design, development, support and management activities .
• A detailed understanding of Object Oriented Programming / Object Oriented Design and understand when and how to use Design patterns.
• Understand version control, source code management, branching, merging and Configuration Management
It would also be advantageous for the candidate to have:
• Knowledge of unit testing tools
• Knowledge of object relational mapping tools
• In depth understanding of one or more business areas that fall within their teams remit
• Chartered Membership of the British Computer Society