Principal Software Security Engineer

Job Details
Xylem (XYL) is a leading global water technology company committed to developing innovative technology solutions to the world's water challenges. The Company's products and services move, treat, analyze, monitor and return water to the environment in public utility, industrial, residential and commercial building services settings. Xylem also provides a leading portfolio of smart metering, network technologies and advanced infrastructure analytics solutions for water, electric and gas utilities. The Company's more than 16,500 employees bring broad applications expertise with a strong focus on identifying comprehensive, sustainable solutions. Headquartered in Rye Brook, New York with 2017 revenue of $4.7 billion, Xylem does business in more than 150 countries through a number of market-leading product brands.
The name Xylem is derived from classical Greek and is the tissue that transports water in plants, highlighting the engineering efficiency of our water-centric business by linking it with the best water transportation of all, that which occurs in nature. For more information, please visit us at www.xylem.com.
Sensus, a Xylem brand, helps a wide range of public service providers, from utilities to cities to industrial complexes and campuses, do more with their infrastructure to improve quality of life in their communities. We enable our customers to reach farther through the application of technology and data-driven insights that deliver efficiency and responsiveness. We partner with them to anticipate and respond to evolving business needs with innovation in sensing and communications technologies, data analytics and services. Learn more at sensus.com and follow @SensusGlobal on Facebook, LinkedIn and Twitter.
The Role: Sensus, a Xylem brand, seeks to hire a Principal Software Security Engineer, a senior position, as a member of the Software Applications Team. The candidate will define and help implement the overall security strategy and infrastructure for Sensus applications. The successful candidate will have demonstrated the ability to succeed in a fast-paced, fluid environment while ensuring that project initiatives are met. If you are excited and passionate to work on state-of-the-art technology trends: cloud data centers, data aggregation and big data analytics, we want to hear from you!
We want someone who:
Wants to build game-changing software applications for analytics and utility functions and takes great personal pride in building robust software
Has a strong sense of ownership and drive
Is passionate about Security, applications, analytics, storage and distributed systems
Enjoys working in a fast-paced agile environment using Scrum
Has excellent written and verbal communication skills
Has a strong customer focus
BS/MS in Computer Science or equivalent.
8+ years of experience in a software development related field
Strong object-oriented design and coding skills (Java preferred and Spring) preferably on the Linux platform developing Systems software.
Ability to communicate effectively, in writing and orally, with both local and remote sites
Ability to work collaboratively within a team environment of engineers to meet aggressive goals and high quality standards
Demonstrated experience working with cross functional teams
Working Knowledge:
Spring Security
Especially as to how authentication interceptors and filter chains work
Integration with Tomcat, Jetty, and Spring Boot, and Spring Cloud services (API Gateway)
Specific Spring Security Integrations
Shibboleth-IDP for SAML integrations
Requirements on Shibboleth-SP integrations for various clients
General Web-SSO, Shared Token and shared credential models
OAuth v2.0
SAML v1.1/v2.0
Microsoft AD Authentication/SSO Models including Federation
LDAP in general and OpenLDAP in particular.
X.509 Certificates and Public Key Infrastructure (PKI)
Java Keystore
Cryptography Algorithms and Libraries
Microsoft CAPI (cryptography API)
Bouncy Castle (for Java)
jwcrypto (for Java)
DSA/RSA/ECDSA algorithms
Web Service Cryptography
SSL Transport Security
Apache Configuration
nginx Configuration
SSL Client authentication
For Web Development:
OWASP Top 10 Application Security Risks and Mitigations
Broken Authentication and Session Management
Cross-Site Scripting (XSS)
Broken Access Control
Security Misconfiguration
Sensitive Data Exposure
Insufficient Attack Protection
Cross-Site Request Forgery (CSRF)
Using Components with Known Vulnerabilities
Underprotected APIs
Additional Information:
Physical Demands
(The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)
Regularly required to sit or stand, reach, bend and move about the facility
Work Environment
(The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)
Office: Standard office equipment; work usually performed in an office setting free from any disagreeable elements.
Standard weekly job hours: 40 hours
EOE including disability and veteran
