Senior ASP.NET Developer (Security Expert)

Punch is a full service digital agency based out of New York, Silicon Valley, LA, Boston, Stockholm and Phuket, Thailand. Here at Punch, we take pride in tackling our clients’ most challenging tasks. Founded by a group of former Google Engineers and now with over 75 staff, Punch is now leading the way in creating new cutting-edge technology.

Responsibilities:

• Responsible for implementing a product security framework supporting existing and future software. (Will implement security requirements and secure coding standards, e.g., NIST SP 800-53, ISO/IEC 27001, OWASP, SEI CERT, and MS Secure Coding Standards.)

• Evaluates product designs and provide solutions to remediate security vulnerabilities through product security risk assessments, vulnerability scans, and static code analysis.

• In addition to security solutions for new product development, the role requires remediating vulnerabilities with existing products which requires detailed attention to implementation and product risk.

• Leads product security risk assessments, hazard analysis, and provide vulnerability remediation guidance and mentoring to product development software engineers

• Implements software security solutions and architect/design products in accordance with industry accepted standards for security including: encryption, recovery, authentication, audit logging, hardening measures, patch management, vulnerability monitoring, and anti-virus/anti-malware

• Develops and administers software engineering procedures and training for vulnerability scans and static code analysis (C#.NET, ASP, JavaScript, MVC, Angular, Bootstrap, HTML, SQL Server, Entity Framework, CSS)

• Assists product development teams in creating Incident and Vulnerability Management Plans and Product Security White Papers.

Qualification (Required)

• 6+ years of software development using C#.NET, ASP (working on large multi-tier applications)

• Knowledge of secure coding practices and development specifically related to implementation of security requirements and secure coding standards (e.g., NIST SP 800-53, ISO/IEC 27001, OWASP, SEI CERT, and MS Secure Coding Standards)

•Able to evaluate product designs and provide solutions to remediate security vulnerabilities through product security risk assessments, vulnerability scans, and static code analysis Knowledge of Windows networking fundamentals (IP protocol, switch, and router basics)

• Strong knowledge of cyber/network security from training/education or experience

Qualifications (Preferred)

• 6+ years of C# Development

• 6+ years of cyber/network security experience

• Experience with SAST static code analysis tools such as HP Fortify, SonarQube, Veracode, Coverity, LLVM clang-analyzer, etc.

• SQL and SQL Server experience

• BS degree or higher in Computer Science, Computer Engineering, Electrical Engineering, or other related engineering field

• Experience with TCP/IP, encryption, and socket developmento ISC2: CISSP, CSSLP, CCFP, HCISPPo Offensive Security: OSCP, OSCE, OSEEo EC Council: GPEN, CEH, CHFI, ECSA, LPT, ESCP.NET, ECSP-JAVA, ECSSo SANS / GIAC: GSEC, GCIA, GWEB, GSSP-JAVA, GSSP-NET, GNFA, GREM, GXPN, GSEo ISACA: CSXF, CSXP, CRISCo Others: Security+, CCNA – Security

We are a team of former Google Engineers and Designers based in Silicon Valley, New York and Phuket, Thailand.

All of our core engineers are paid in the $150,000 range or greater and we also provide our engineers the opportunity to work, all expenses paid, from our Phuket, Thailand office one month a year as a creative outlet to work and enjoy life to the fullest.

In this role you will work with some of the most exciting projects in the industry today with a team of fast moving engineers and designers who have a passion for building disruptive products.