Senior Software Process Engineer

Will be responsible for planning, implementing and monitoring security measures for the protection of MathWorks' sophisticated software; improving and evangelizing MathWorks security practices, processes and tools, with a focus on: development security, Secure SDLC, security testing, secure coding standards, threat modeling, phishing, and SOC2 compliance; providing internal consulting and coaching support, evangelizing new security tools and best practices, and creating and delivering learning resources; identifying and monitoring issues that impact organizational goals related to security; developing clear and well-scoped problem statements, and initiating and driving related security projects to completion; creating new processes, resources and reference content facilitating organizational adoption of security tools and standards through thoughtful change management strategies; supporting the Development organization's growth and learning around MathWorks standard security processes; evaluating impact with Kirkpatrick Level 1-4 evaluations; and reviewing, cataloging and promoting user-created security and resources. Position reports to Natick, Massachusetts headquarters and may work remotely from a home office anywhere in the United States.

Responsibilities

Minimum Qualifications

• A bachelor's degree and 6 years of professional work experience (or a master's degree and 3 years of professional work experience, or a PhD degree, or equivalent experience) is required.

Additional Qualifications

Minimum Qualifications:

Education and Experience:

Master's degree in Engineering, Computer Science, Cybersecurity, or a closely related field (or foreign education equivalent) and two (2) years of experience as a Senior Software Process Engineer (or related occupation) testing or analyzing and evaluating security of software applications.

OR

Ph.D. degree in Engineering, Computer Science, Cybersecurity, or a closely related field (or foreign education equivalent) and no experience.

OR

Bachelor's degree in Engineering, Computer Science, Cybersecurity, or a closely related field (or foreign education equivalent) and five (5) years of experience as a Senior Software Process Engineer (or related occupation) testing or analyzing and evaluating security of software applications.

Special Requirements:

• Demonstrated expertise identifying and exploiting security vulnerabilities using security testing tools using Metasploit, Burpsuite, Immunity Debugger, or IDA Pro.
• Demonstrated expertise performing threat analysis using threat modeling methodologies -- STRIDE or DREAD-- and modeling tools -- Microsoft Threat Modeling tool, OWASP Threat Dragon, or Threat Modeler.
• Demonstrated expertise analyzing security issues, providing comprehensive reports on potential vulnerabilities, and effectively communicating these findings to mitigate and prevent future risks.
• Demonstrated expertise creating and improving processes to support the Software Development Life Cycle (SDLC) according to scrum-based Agile methodologies.

[Expertise may be gained during Graduate program.]