Application Security Architect
TIBCO | 60500 Security | Palo Alto, CA
The TIBCO Information Security Team works with teams from across TIBCO, including engineering, operations IT, legal and sales, to ensure continuous improvement in our security posture.
The Security Team’s efforts directly affect both TIBCO corporate and our customers. The team has a diverse set of responsibilities to ensure that risks that affect TIBCO customers as well as TIBCO itself are identified and remediated.
A TIBCO Application Security Engineer needs to be comfortable:
- Working with all stakeholders to implement secure software development practices by determining security requirements and proposing solutions that balance business requirements with information and cyber security requirements.
- Assisting in guiding, prioritizing, and measuring our efforts in achieving and maintaining product security.
- Performing internal product and services security reviews and recommending changes or enhancements for identified security design gaps in existing and proposed architectures.
- Aligning security standards, frameworks and policies with overall business and technology strategy.
- Designing and building prototype security solutions, including security-specific test cases.
- Performing and facilitating security reviews and threat modeling exercises, identifying attack vectors that may be used to exploit software and working collaboratively to remediate.
- Driving ongoing security testing for software vulnerabilities utilizing both automated and manual testing tooling.
- Identifying and communicating current and emerging software security threats, including specifying requirements and controls to mitigate threats as they emerge.
- Assisting with security reviews of third-party vendors and service providers.
- Assisting with Incident Response as required and contributing to GDPR breach notification efforts.
- Assisting with customers’ specialized security questionnaires related to software security.
- Working cross-company to identify and implement GDPR requirements related to software development efforts.
- Influencing culture by helping drive Secure Software Development Practices.
- Staying current by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
We also have a Detection and Response role within the Application Security team to provide technical direction and oversight of the cybersecurity incident detection and response function including:
- Implementing the necessary controls, infrastructure and procedural playbooks to monitor, identify and provide proactive detection and response.
- Performing incident triage and handling by determining scope, urgency and potential impact in order to identify the incident cause and recommending actions for expeditious remediation.
- Coordinating with appropriate stakeholders and acting as subject matter expert to resolve incidents, including facilitating root cause analysis.
- Developing and ensuring incident documentation is properly generated from initial detection through final resolution.
- Reviewing detailed incident reports and providing technical briefs as required.
- Working across all of TIBCO to identify, evaluate and report cybersecurity risks.
- Analyzing data, such as logs or packet captures, from various sources and drawing conclusions regarding past and future security incidents.
- Maintaining and expanding appropriate information security metrics for detection and response.