Software architect is responsible for the technical direction of a project. Makes high level design choices for the software structure, frameworks, protocols, and algorithms. Determines coding practices, development tools, and validation requirements. Performs pathfinding and surveys technologies. Interacts with multiple technologists in the company and within the industry as well as between developers and project managers to evaluate feasibility of requirements and determine priorities for development.
Will be responsible for working closely with the Principal Engineer for Product Security Architecture to contribute to, help to manage, and maintain the company’s Product Security Architecture Strategy across McAfee’s Product Business Units and across McAfee’s broad and deep product portfolio. This role will be looked at as a main technical Subject Matter Expert for Product Security to:
- Provide architectural and technical guidance to product security
- Design, plan and implement secure coding practices and security testing methodology
- Ensure practices meet software certification processes
- Drive the security testing of the products.
- Test and evaluate security related tools
- Stay abreast on the latest industry trends and best practices in IT/software information security•
- Stay abreast of the latest versions of operating systems, database software as well as other third party software utilized by McAfee products
- Assess vulnerabilities for severity and impact, with emphasis on both CVSS scoring and risk rating in context
Many of these activities will be achieved through collaboration, teamwork, and technical leadership with other company resources, and especially, a 120-person virtual security team embedded within multiple product groups and business units and will include the following:
- Participate in code and design reviews with product teams
- Work with McAfee IT infrastructure team, including design and code reviews
- Interface with all levels of management to negotiate priorities and outcomes
- Develop security auditing procedures
- Develop and improve the product security standard requirements for different target groups
- Make decisions in cases of deviations from the product standard or either prepare management with accurate risk assessments to make decisions or advise development on solution strategy
- Provide internal consulting for secure planning and development, analyze product security architectures
- Provide reporting for different management levels
- Provide lifecycle information security support to product and other critically designated application development teams. Key responsibilities will include:
- Engage in the initial requirements definition (including analysis of threats and risks and alignment with McAfee security, Engineering, IT and Architecture standards.
- Conduct and facilitate security reviews including SSDLC testing requirements throughout the development lifecycle;
- Facilitate "table-top"/red-team/scenario analysis exercises in conjunction with other SME's; and plan the resolution of any identified vulnerabilities/issues.
- Security review of products/applications including requirements definition and risk analysis ·
- Validate claimed vulnerabilities, assess the risk using Common Vulnerability Scoring System (CVSS), followed by in-depth risk analysis and ensure adequate roll-out of security patches
- Create security training, self-tests and enhance the secure programming guides
- Communicate with and drive the worldwide security network with security researchers, customers, and our own support organization
- Create security test case specifications (target: code reviews, automation, and easy manual execution), contribute test tool strategy
- Support security projects in development and security research projects
- Perform conception work, for example, on key performance indicators, framework for external security assessments, security in agile development, cloud computing, and software as a service
- Advanced degree (Masters or PhD) in computer science or related field preferred
- 10+ years of combined experience as a developer and architect
- Excellent interpersonal and communication skills
- Hacker mindset, security risk awareness and security know-how
- Ability to express and drive the resolution of technical problems effectively
- Strong appetite to continuously work on new technologies and topics
- Drive for quality, ability to define and execute security assurance strategy and security process
- Customer focused and a team player
- Product security experience at a large software company is a very strong plus.
- Deep understanding of technical threats - The basis of how attacks work, why they work, and what that means to us as a software company and to McAfee’s customers.
Ability to pull a debugger out and figure out what just happened (exploit analysis) Ability to duplicate and explore the threats in a meaningful way (exploit creation) Ability to extrapolate that information into meaning (how could this affect us)
To relentlessly protect all that matters through leading edge cyber security, from your workplace to your home and everywhere in between.
To enable a world where cyber security is so consistent, reliable and effective that it becomes a trusted foundation in our lives – like clean air and water. Our technology enables the world to fully realize the transformative power of the digital age, by protecting all that matters. By doing our job well, we drive limitless innovation, securely.
We live our values day in and day out, do you think you can live our values with us? If you can, don’t think, just connect with us. Together is power.
- We achieve Excellence with Speed and Agility
- We Play to Win or Don’t Play
- We Innovate without Fear
- We Practice InclusiveCandor and Transparency
- We Put the Customer at the Core
Join our Talent Community: http://careers.mcafee.com/
McAfee prohibits discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.
Texas, Plano; Ireland, Cork; Oregon, Hillsboro;