Missouri Manufacturing Jobs


Job Information

AT&T Senior-Software Engineer in St Louis, Missouri

Overall Purpose: This career step requires senior-level experience. Secure the code base by remediating identified vulnerabilities. This helps implement safeguards before a weakness is exploited. Lack of timely remediation leaves the gap exposed, and its exploitation causes damage to reputation and potential legal fines.

Key Roles and Responsibilities: Perform source code (SAST) and dynamic (DAST) scan vulnerability analysis of AT&T’s Identity & Access Management (IAM) platforms. Understand vulnerabilities and suggest a resolution / path forward to remediate the vulnerabilities identified by scans at the application layers. Focus on quality and eliminate false positives by remediating vulnerabilities, i.e. CVEs (Common Vulnerabilities and Exposures) and the top 25 CWEs (Common Weakness Enumeration). As part of the critical One ID program, align all efforts towards completing assigned tasks and meeting PI (program increment) objectives within the defined timeline. Facilitate meetings and reports, and work collaboratively with other scrum teams in a cross-functional environment to support delivery. Support the implementation plan to perform static and dynamic scan analysis on the authentication platform, adhering to AT&T security standards (ASPR policies), and remediate vulnerabilities. Integrate the scanning effort into the CI/CD pipeline.

This position will analyze the scan results, vet out false positives, create user stories, and identify the best possible solution to remediate the vulnerabilities. Work closely with the app developers to get them remediated. The position will support all of the IAM apps for DAST and SAST scans and MPEN testing, including mobile application scans.

Principal Responsibilities:

  • Perform SAST (static application security testing) scan vulnerability analysis, DAST (dynamic application security testing) scan vulnerability analysis, and code vulnerability analysis (as applicable) across IAM platforms - 15%

  • Focus on quality and eliminate false positives by reviewing CVEs (Common Vulnerabilities and Exposures) and the top 25 CWEs (Common Weakness Enumeration) - 25%

  • Understand vulnerabilities and suggest a resolution / path forward to remediate the vulnerabilities identified by scans. Create user stories to address the vulnerabilities - 40%

  • Facilitate meetings and reports, and work collaboratively with other scrum teams in a cross-functional environment to support delivery - 20%

Requirements:

Must have hands-on Java developer experience with complex systems. Must be an expert in analyzing vulnerability scanning reports and remediation, and must have a deep understanding of OWASP vulnerabilities. Must have expertise in various scanning tools like Veracode, AppScan, Checkmarx, etc. Must be able to review the source code and suggest remediation solutions to fix the identified vulnerabilities.

We expect employees to be honest, trustworthy, and operate with integrity. Discrimination and all unlawful harassment (including sexual harassment) in employment is not tolerated. We encourage success based on our individual merits and abilities without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability, marital status, citizenship status, military status, protected veteran status or employment status.
