Xylem (XYL) is a leading global water technology company committed to developing innovative technology solutions to the world’s water challenges. The Company’s products and services move, treat, analyze, monitor and return water to the environment in public utility, industrial, residential and commercial building services settings. Xylem also provides a leading portfolio of smart metering, network technologies and advanced infrastructure analytics solutions for water, electric and gas utilities. The Company’s more than 16,500 employees bring broad applications expertise with a strong focus on identifying comprehensive, sustainable solutions. Headquartered in Rye Brook, New York with 2017 revenue of $4.7 billion, Xylem does business in more than 150 countries through a number of market-leading product brands.

The name Xylem is derived from classical Greek and is the tissue that transports water in plants, highlighting the engineering efficiency of our water-centric business by linking it with the best water transportation of all – that which occurs in nature. For more information, please visit us at www.xylem.com.

Sensus, a Xylem brand, helps a wide range of public service providers – from utilities to cities to industrial complexes and campuses – do more with their infrastructure to improve quality of life in their communities. We enable our customers to reach farther through the application of technology and data-driven insights that deliver efficiency and responsiveness. We partner with them to anticipate and respond to evolving business needs with innovation in sensing and communications technologies, data analytics and services. Learn more at sensus.com and follow @SensusGlobal on Facebook, LinkedIn and Twitter.

The Role: Sensus, a Xylem brand, seeks to hire a senior position Principal Software Security Engineer, as a member of the Software Applications Team. The candidate will define and help implement the overall security strategy and infrastructure for Sensus applications. The successful candidate will have demonstrated the ability to succeed in a fast paced, fluid environment, while ensuring that project initiatives are met. If you are excited and passionate to work on state-of-the art technology trends: cloud data centers, data aggregation and big data analytics, we want to hear from you!

We want someone who:

•          Wants to build game-changing software applications for analytics and utility functions and takes great personal pride in building robust software

•          Has strong sense of ownership and drive

•          Is passionate about Security, applications, analytics, storage and distributed systems

•          Enjoys working in a fast-paced agile environment using Scrum

•          Has excellent written and verbal communication skills

•          Has strong customer focus

Requirements:

• BS/MS in Computer Science or equivalent.
• 8+ years of experience in a software development related field
• Strong object-oriented design and coding skills (Java preferred and Spring) preferably on the Linux platform developing Systems software.
• Ability to communicate effectively in writing, orally with both local and remote sites
• Ability to work collaboratively within a team environment of engineers to meet aggressive goals and high quality standards
• Demonstrated experience working with cross functional teams

Working Knowledge:

• Spring Security
  • Especially as to how authentication interceptors and filter chains work
  • Integration with Tomcat, Jetty, and Spring Boot, and Spring Cloud services (API Gateway)
• Specific Spring Security Integrations
  • Shibboleth-IDP for SAML integrations
  • Requirements on Shibboleth-SP integrations for various clients
• General Web-SSO, Shared Token and shared credential models
  • OAuth v2.0
  • OpenId
  • JWT/JOSE
  • SAML v1.1/v2.0
  • JOSSO
• Microsoft AD Authentication/SSO Models including Federation
• LDAP in general and openLDAP in particular.
• X.509 Certifications and Public Key Infrastructure(PKI)
  • openssl
  • Java Keystore
• Cryptography Algorithms and Libraries
  • Microsoft CAPI  (cryptography API)
  • Bouncy Castle (for java)
  • jwcrypto (for java)
  • DSA/RSA/ECDSA algorithms
• Web Service Cryptography
  • SSL Transport Security
    • Apache Configuration
    • nginx Configuration
  • SSL Client authentication

For Web Development:

• OSWASP  Top  10 Application Security Risks and Mitigations
  • Injection
  • Broken Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Broken Access Control
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Insufficient Attack Protection
  • Cross-Site Request forgery (CSRF)
  • Using Component with Known Vulnerabilities
  • Underprotected APIs