63612R-Security Engineer 2

About the Job:

Juniper Network’s Security Incident Response Team (SIRT) is the focal point for discovering and remediating product security vulnerabilities.  The role of an Incident Manager (IM) is to drive security defects to resolution by understanding the software flaw, its impact, its proper resolution, and then communicating that to customers through Juniper Security Advisories.  SIRT IMs are part of a global team that works closely with both the support and engineering organizations.  The role requires understanding of secure software development and the consequences of security flaws.  The successful candidate will have a passion for security and an ability to see problems with a security professional’s perspective. 

Responsibilities:

Juniper is seeking an experienced Security Incident Response Manager to join the Juniper SIRT.

The SIRT IM is responsible for:

• Investigating reports of potential vulnerabilities
• Analyzing software flaws and working with engineering teams to ensure proper remediation
• Authoring and presenting Security Advisories
• Working with external security communities, security researchers, and customers 
• Managing the response to product security incidents

Requirements: 

• Should have 2-4 years of product security incident response experience.
• Familiarity with secure programming concepts and testing.
• Good understanding of web application security threats and defenses (SQL Injection, XSS, CSRF, etc.,).
• Good understanding of database security threats and defenses (cloud/container configuration, access control, authentication, misconfigured and abused privileges, logging and auditing).
• Familiarity with OWASP guidelines. Participation in a local OWASP chapter or similar security focused communities is a plus.
• Familiarity with Common Vulnerabilities and Exposure (CVE) systems, Coordinated Vulnerability Disclosure (CVD).
• Familiarity with the Common Weakness Enumeration (CWE) types and CERT Secure Coding Standards.
• Familiarity with the Common Vulnerability Scoring System (CVSS).
• Familiarity with agile software development/continuous integration/automation. 
• Minimum of a Bachelor’s Degree in Engineering or Computer Science or Cybersecurity or similar.
• Excellent written and verbal communication skills. Should be able to produce a writing sample: A blog entry or other long-form post on a technical issue, comment on a mailing list or open source issue or other technical comment on social media, a self-written academic paper.
• Strong analytical and problem-solving skills, and the ability to work independently.
• Ability to collaborate across functional teams as well as external partners, researchers, and other security teams.
• Ability to track multiple issues in various states of progress.

Desired Qualifications:

• A strong ability to use scripting languages such as Perl, Python, TCL, and UNIX shell programming.
• Demonstrated experience (such as academic projects) in JavaScript, Node.JS, Pug, PHP, Python, Java, C/C++, R, Rust, relational and NoSQL databases.
• Experience with HTML, CSS, JSON, XML file creation and management
• Experience with AWS, Azure, GCP, Snowflake.
• Should be able to produce a sample code such as a project hosted on GitHub or personal site.
• Linux and/or FreeBSD experience along with the ability to read and understand multiple programming languages.
• Familiarity with routing and switching protocols and security firewalls.