Job Requisition ID #

24WD82206

Responsibilities: Develop and oversee the implementation of information security procedures and policies. Build, maintain, and upgrade security technology for the safe use of computer networks and the transmission and retrieval of information. Design and implement appropriate security controls to identify vulnerabilities and protect digital files and electronic infrastructures. Enable Autodesk Builders to make best-practice security decisions so they can quickly navigate the rapidly changing security domain. You will use your background in numerous Security and technology disciplines, including systems architecture, software architecture, cloud systems or network and software engineering to deliver foundational standards, design patterns, and references as well as impactful guidance for Autodesk applications and supporting technologies. Collaborate horizontally across Autodesk to ensure multi-domain Security Strategy navigation for the Security division and its initiatives. Enable security in the full spectrum Autodesk product lifecycles--from inception, design, development, testing, all the way to operation and response. Collaborate to create and drive new security standards, reference designs, templates, and other architecture artifacts for application, network, system, and cloud patterns. Perform Gap analysis and model security need vs implementation in products, product environments, and business-systems. Explore new and emerging technologies to identify security solutions to fill gaps or enhance capability and security value. Apply and convey risk calculations to security data at scale to enable strategic decision making. Apply systems design and thinking to organize and make sense of Security at scale. Experience and expertise in performing activities like threat modeling, penetration testing, vulnerability management, systems and network engineering, application engineering, DevOps/DevSecOps, secure coding guidance and reviews, security testing, and vulnerability triage across various applications. Provide hands-on remediation guidance to development teams and confer with Architects, Security Leadership, Systems Analysts, Engineers, Programmers and others to design system and to obtain information on project limitations and capabilities. Develop and direct software system testing and validation procedures, artifacts, programming, and documentation while working as part of a team of security architects. Understand existing processes and identify how to improve and streamline them. Stay connected with the broader security community and research areas of improvement in order to successfully modify existing software to correct errors, allow it to adapt to new hardware, or to improve its performance. Must be available to work on projects at various, unanticipated sites throughout the United States. Telecommuting is permitted.

• Assist with leading security lifecycle architecture and technical assessments using tools such as Qualys, Nessus, Nmap, Metasploit.
• Secure software development lifecycle including manual and automated application security testing with tools such as Checkmarx, Acunetix, Burpsuite.
• Protect customer data and investment by strengthening applications, underlying services and network.
• Automate security assessments using python, bash/shell scripting etc.
• Evangelize security best practices to improve network, system, and application architectures, with talks, presentations and technical write-ups
• Function as technical point of contact for development teams as it relates to security guidance
• Experience working in improving security posture of cloud (SaaS) applications
• Provide guidance to remediate existing/emerging security threats such as SQL Injection, Cross-site scripting, Remote Code Execution and other web application vulnerabilities from OWASP top 10 and CWE top 25 standards