Principal, Cyber Security
CA - Irvine, HQ
Full Time Senior-level / Expert USD 121K - 206K
Ingram Micro
It's fun to work in a company where people truly BELIEVE in what they're doing!
Ingram Micro is the business behind the world’s brands reaching nearly 90 percent of the world’s population. Our market reach, diverse solutions portfolio, and digital platform Ingram Micro Xvantage™ set us apart. We have approximately 27,000 associates committed to serving our more than 161,000 customers and 1,500 vendor partners worldwide. Learn more at www.ingrammicro.com.
Ingram Micro has earned Great Place to Work Certification™ for 2022-2023 in the United States! This prestigious recognition reflects our commitment to our people and our culture.
Come join our team where you’ll make technology happen in surprising ways. Let’s shape tomorrow - it’ll be a fun journey!
The role:
- Mentoring R&D and Junior security teams on Secure Coding practice
- Focus on developing and maintaining home-grown applications to support and implement Secure by Design, Secure Coding, Pen Test and SSDLC Practices
- Consult with development teams to implement sound SSDLC practices along with coding, data engineering and security services integration / automation following NIST SSDF, OWASP ASVS and BSIMM
- Active participation in proof-of-concept implementations to test and assess off-the-shelf and home-grown technologies to address SSDLC, DevSecOps compliance with SOX, PCI, ISO27001
- Work with R&D team members to manage the day-to-day development activities, participate in designs, design review, secure code review, and implementation of best coding practice
- Maintaining current technical knowledge to support rapidly changing technology, look out for new technologies and work with the team in bringing in new technologies
What you bring to the role:
- Four-year bachelor’s degree in Computer Science, Information Security, or a related technical field. Master's degree or relevant certifications (OSCP/OSWE/eWPTX/CSSLP, CEH or similar) preferred.
- 5+ years of software development experience preferred in cyber security/AppSec.
- 5+ years of experience in application security or a related field, with demonstrably successful contributions to securing applications.
- Strong coding skills in at least one of the following OO languages: Python, Java, C++, C#, .Net, Ruby, or any advanced web or mobile apps programming language.
- Scripting skills in Python, Bash, or similar languages for automation and analysis.
- Hands-on experience in source code reviews for vulnerabilities and secure coding practice and understanding of SSDLC.
- Advanced understanding of security concepts and attack vectors, including web application security, API security, mobile security, and cloud security.
- Proficiency in SAST and DAST security tools and technologies like vulnerability scanners, web application firewalls, fuzzing, penetration testing tools (e.g., Burp Suite).
- Experience with threat modeling and risk assessment methodologies tailored for mobile/web applications.
- Ability to develop and implement security controls based on identified risks and vulnerabilities.
- Proven track record of successfully securing web and/or mobile applications across various platforms (iOS, Android).
- Solid understanding of secure coding practices for web/mobile development, including platform-specific security frameworks and libraries.
- Experience in building and implementing security processes within an organization, specifically focusing on web/mobile application security integration within the SDLC.
The ranges above reflect the potential annual base pay across the U.S. for all roles; the applicable base pay range will depend on the candidate’s primary work location, pay grade, and variable compensation plan. Individual base pay within each range depends on various factors, in addition to primary work location, such as complexity and responsibility of role, job duties/requirements, and relevant experience and skills. Base pay ranges are reviewed and typically updated each year. Offers are made within the base pay range applicable at the time of hire. New hires’ starting base pay generally falls in the bottom half (between the minimum and midpoint) of a pay range.
At Ingram Micro certain roles are eligible for additional rewards, including merit increases, annual bonus or sales incentives and long-term incentives. These awards are allocated based on position level and individual performance. U.S.-based employees have access to healthcare benefits, paid time off, parental leave, a 401(k) plan and company match, short-term and long-term disability coverage, basic life insurance, and wellbeing benefits, among others.
This is not a complete listing of the job duties. It’s a representation of the things you will be doing, and you may not perform all these duties.
Please be prepared to pass a drug test and successfully pass a pre-employment (post offer) background check.
Ingram Micro believes there is no place in our society for social injustice, discrimination, or racism. As a company we do not – and will not – tolerate these actions.
Ingram Micro Inc. is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other protected category under applicable law.
Tags: Android APIs Application security Automation Bash BSIMM Burp Suite C CEH Cloud Compliance Computer Science DAST DevSecOps eWPTx Firewalls iOS ISO 27001 Java Mobile security NIST OSCP OSWE OWASP Pentesting Python R&D Risk assessment Ruby SAST Scripting SDLC SOX Vulnerabilities
Perks/benefits: 401(k) matching Insurance Parental leave Salary bonus Team events