• Mid-Level Security Developer in Test

    Location(s) US-TX-San Antonio
    Req #
    39524
    Category
    Cyber Security, Software Development
  • About Rackspace

    Rackspace is modernizing IT in today’s multi-cloud world. We have been honored by Fortune, Forbes, Glassdoor and others as one of the best places to work. We serve over 50% of the Fortune 100 companies & customers in 120 countries around the globe. Our achievements are powered by our people – we call them Rackers.  We grow & thrive through world-class development opportunities, learning & selling bleeding-edge technologies & solutions, and most importantly, connecting with each other (the best & brightest in the industry). Are you a Racker? Join us!

     

    More on Rackspace

     

    Rackers aren’t all alike. We look different. We think uniquely. We are from many places and our beliefs & backgrounds vary. But, being a Racker — a valued member of a winning team on an inspiring mission – is what connects us all. Rackers are encouraged to bring their whole self to work every day, as we know that unique perspectives fuel innovation and enable us to best serve our customers & communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, color, disability, gender, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know.

    Overview & Responsibilities

    Position Overview

     

    We are looking for a Mid-Level Security Developer in Test to join our Security Engineering team in San Antonio, Texas! This new team member will have the opportunity to work with the best and the brightest developers and teams across Rackspace!

     

    Do you enjoy working in a fast paced environment where your feedback and expertise on security is taken seriously? Do you get excited when given the opportunity to conduct security testing? Do you like working with diverse teams with different technical backgrounds? If this sounds like you then continue to read on!

     

    You will be on the front lines working with Cloud developers as new technology is being developed and deployed. As part of the Cloud team you will be testing applications throughout the lifecycle looking for vulnerabilities in the application and infrastructure. Additionally, you will get the opportunity to provide ‘real world’ mitigation efforts by working closely with the development and QE teams.

     

    Primary Responsibilities

    • Writes security test scripts to determine the security posture of a given product including all integration and dependencies.
    • Conduct security testing for product applications developed by Rackspace including microservices and all web applications.
    • Participates in manual and automated security code reviews.
    • Collaborates with other quality and development engineers to build, evolve and maintain a scalable continuous build and deployment pipeline.
    • Develop automated security tools to improve test process.
    • Develop and/or recommend appropriate mitigation countermeasures in development, operational, and nonoperational situations. 

     

    Knowledge/Skills/Ability

    • Knowledge of web protocols, networking and systems.
    • Must possess the ability to understand new concepts quickly and apply them accurately through an evolving, dynamic environment.
    • Development experience with one of the following languages: Python, Java, Go or Ruby. 
    • Understanding of XML, XSD, Json, WSDL and Soap.
    • Understanding of the Agile development process (Scrum, XP, Kanban etc) from the test design, test automation and execution perspective.
    • Knowledge of Security/QA Processes and Methodologies.
    • Familiarity  with Continuous Integration and Delivery (CI/CD) concepts.
    • Strong problem solving and analytical skills. 
    • Strong working knowledge of software development, web development, API development, web/API security testing, and host base vulnerability assessments. 
    • Demonstrated knowledge of OWASP security concepts and discovering vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation.
    • Ability to perform security source code reviews and communicate analysis to technical and non-technical teams. 
    • Knowledge of encryption standards and protocols.
    • Knowledge of authentication methodologies and protocols.
    • Database knowledge in MySQL or Oracle. 
    • Knowledge of methods for evaluating, implementing, and disseminating security tools and procedures. 
    • Knowledge of network security architecture, including the application of Defense-In-Depth principles.
    • Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.  

     

    Job Complexity

    • Assesses and evaluates application architectures.
    • Develops and implements security test solutions into a CI/CD process. 
    • Verifies that application security posture is implemented as stated, documents deviations, and determines required actions to correct those deviations. 
    • Consults with developers to gather and evaluate security requirements and translates these requirements into technical solutions.  
    • Incorporates security solutions into application designs.
    • Performs threat and vulnerability analysis during application or system design or major infrastructure design change. 
    • Plans and conducts security vulnerability reviews for applications.
    • Operates under general supervision. 

    Qualifications

    Minimum Requirements

    • Bachelor’s degree in Computer Science or a technology related field required.
    • 3 years of experience in security testing, software development, or test automation.
    • An understanding of test design, test automation, and execution perspective.  
    • Experience implementing test code within a continuous integration and delivery pipeline. Development experience in Python, Ruby, Java, Javascript, Go, or other object oriented languages. 

     

     

    This position maybe available to remote workers (US).

     

    #L1-SD1