Principal Software Security Engineer

  • Sector: Monroe Information Technology
  • Contact: Justine Danielle Bituin
  • Client: Monroe Consulting Group
  • Location: City of Taguig
  • Salary: Negotiable
  • Expiry Date: 01 March 2023
  • Job Ref: BBBH409526_1675060362
  • Contact Email: justine.bituin@monroeconsulting.com.ph

Executive recruitment company Monroe Consulting Group Philippines is recruiting on behalf of a leading technology company that offers a full spectrum of global technology and supply chain services to businesses around the world.

Job Summary
Our respected client is seeking senior-level security engineers for the job of Principal Software Security Engineer. They will work on the most important aspects of a given project. They may be responsible for designing and building core security features, or they may work on smaller projects that support larger initiatives.

The Principal Software Security Engineer will provide technical leadership, influence positive cross-organizational change, and should be passionate about building a culture of security with Agile, CI/CD and DevSecOps. The job is based in Taguig City, Philippines.

Key job responsibilities:

  • Act as the integrated security SME within the SSDLC to ensure security is included at every phase
  • Perform application/software security risk assessments for custom developed code
  • Gain deep insight into the software being developed to ensure security is part of the value chain
  • Partner with the Cloud Security Operations Engineering Teams for frictionless release handoff within DevSecOps
  • Lead application security reviews and threat modeling, including code review and dynamic testing
  • Lead the delivery of the secure software delivery framework (SSDF) by building a security technical roadmap
  • Own and perform application/software security vulnerability assessments
  • Lead the development of automated security testing to validate that secure coding best practices are being used
  • Champion security recruiting activities with leadership
  • Perform assessments of SDLC processes, guide and advise software development teams as SMEs in application security at every phase of the SSDLC
  • Develop and deliver application/software security training and outreach to build security champions within the organization


Key job requirements:

  • Four-year degree in software or security engineering or related field
  • Minimum 8 years of experience in software development and/or security, including a minimum of 5 years of experience in areas including offensive security, software development, application security
  • Preferred Certifications: CSSLP, CSDP, CEH, CISSP, CCSP, OSCP, OSWE, GPEN, GXPN
  • Strong understanding and experience with common security libraries, security controls, and common security flaws
  • Strong programming experience with the ability to code exploits in at least one language (Java, C++, C#, Ruby), preferably on a Linux/Unix platform, to be able to target security weaknesses
  • Be a subject matter expert (SME) in at least one technical area impacting software security
  • Strong experience working closely with developers within the SSDLC, leading secure software development projects and building an SSDF
  • Proven experience with threat modeling as well as software security risk assessment, converting the data into threat reports and action plans
  • Experience with standards, frameworks, and certifications such as NIST SSDF, OWASP Top 10 and ASVS, BSIMM, ISO 27034, ISO 27001, CSA STAR, SOC 2 and PCI DSS
  • Experience working with vulnerability assessment, SAST, DAST, CSA tools