Open to Irvine CA or other Verizon office locations

The Product Security Team ensures security by design product engineering and architecture for Verizon products. In this role as a Senior Security Analyst, you will conduct security assessments for products and solutions developed by the Verizon Consumer Group. You will collaborate with various cross functional teams and help to create, define, and implement security controls and tooling in conjunction with internal product development and partner teams.

• Evaluate security postures and provide recommendations for improvement and risk reduction for Cloud services, Mobile Platforms(IOS/Android/TvOS/FireTV), Web and Embedded applications (e.g., build threat models, design reviews, document mitigation techniques, apply security design patterns, code review).
• Manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements.
• Participate in deep architectural discussions to build confidence and ensure success when building new or migrating existing cloud infrastructures, applications, software, and services.
• Support projects at various levels, from ground level up to fully evolved projects, be able to dive into existing environments or help with the security design and requirements of a new project by evaluating the end-to-end environment of different types of services (SaaS, IaaS, PaaS) and client platforms (mobile, web, embedded applications).
• Continually evaluate new threats and attacks to identify the impact on business and help to develop and implement appropriate security controls.
• Apply cryptographic primitives and protocols for authentication, authorization and data protection. Recommend and manage transmission protection requirements for all environments (e.g., systems, applications, containers) such as VPC peering best practices, SSL certificate management, RSA key pairs, etc.

Implement security modules, tools, and code snippets when needed.

• Develop architectural documentation and best practices for infrastructure, applications, data protection and IAM security
• Train and coach engineering teams to integrate CI/CD pipeline tools, test plans and vulnerabilities assessment tools for Cloud and other platforms.

MUST HAVE SKILLS:

• Bachelors degree in Computer Science or related fields
• Six or more years of relevant work experience.
• Experience with performing security requirements analyses to secure the deployment of large globally distributed cloud-based and/or mobile-embedded platforms.
• Experience with OWASP Top 10 vulnerabilities and Cryptographic Algorithms: (PKI), X.509 Public Key Certificates, authentication protocols, and transport layer security, OID, OAuth, SAML.
• Development experience in C /C, Swift, Java, Scala, Python or other languages and the ability to solve complex operational issues.

DESIRED SKILLS:

• Masters degree in Computer Science or equivalent engineering experience.
• Direct experience with implementing Security Services and tools in AWS such as GuardDuty, Macie, CloudTrail, CloudWatch, KMS, Compute (e.g., EC2, GCE)..
• Experience with storage technologies such as: S3, Networking: VPC, IDS/IPS, WPA, firewalls, reverse proxies, Load Balancers, Security Groups/List.
• Experience with configuration tools: AWS Config, AWS Inspector, SDK/CLI. Vulnerabilities tools: Prisma Cloud, Crowdstrike, etc.
• Experience Container Security experience with Docker, ECS, Kubernetes.
• Experience with configuration languages/IaaC: JSON, CloudFormation Terraform
• Experience with SDLC for mobile platforms including use of obfuscation techniques, Reverse Engineering and Tamper Resistant software development on Mobile Platform.
• Understanding of various types of Exploits, Threat Modeling, and Attack surfaces
• Experience with IT Security Frameworks such as NIST, ISO27001, PCI, DSS, FedRAMP
• One or more of the following certifications: AWS Certified Solutions Architect (professional), AWS Certified Security (Specialty), CSA Certificate of Cloud Security Knowledge (CCSK), ISC2 Certified Cloud Security Professional (CCSP), CISSP.