Job Description: The candidate will own the security operations aspects for a portfolio of Intel Security products being developed at the ASDC site. Responsibilities include:

* Perform security reviews of the architecture and designs of our products
* Perform threat modelling for our enterprise products portfolio
* Execute (through providers) pen-testing on our products
* Understand and prioritize security findings and risks
* Work with upper management, architecture and engineering teams on resolution
* Mentor junior team members
* Build in-house pen-test capabilities

Desired skills and knowledge

The candidate has a strong background in enterprise software security. The candidate possesses a Bachelor of Science degree in Computer Science and/or Computer Engineering and/or Electronic Engineering or an equivalent degree, and 15+ years of relevant experience in enterprise security and operations. Additional qualifications include:

* Advanced understanding of access control (identity, provisioning, authentication, authorization)
* Advanced understanding of cryptography (symmetric, asymmetric, hashing algorithms, password-based derivation, etc.) and PKI (certificates, CAs, Hardware Security Modules)
* Advanced understanding of security monitoring (logging, error and exception handling as part of the application lifecycle)
* Advanced understanding of operational security, e.g., security of hosting environments (firewalls, Intrusion Detection Systems), key management, key revocation, rotation
* Advanced understanding of threat modeling and risk assessment: experience with creating threat models for applications and performing risk assessments
* Experience interacting with pen testing providers in order to identify the risk associated with security findings. Basic understanding of pen testing and related frameworks
* Experience in the prioritization of security findings and their communication to upper management
* Experience with the definition of security policies (e.g., input validation, hosted services configuration) and implementing good security practices
* Basic understanding of automated security testing frameworks (e.g., fuzz testing)