Senior Application Security Engineer
Company: myGwork
Location: Austin
Posted on: January 27, 2023
|
|
Job Description:
Senior Application Security Engineer you will be responsible for
testing, designing, and implementing security controls and
solutions driven by CISO and company policies and standards to
reduce the risk to Pearson VUE and its customers. The Application
Security Engineer is a member of the Cyber Security team and is
responsible for reviewing security designs, implementing technical
security controls, and designing security solutions. They will help
implement the information security design, enforce compliance with
security policies and controls and function as a technical security
expert on various projects. This is a mid to senior technical role.
The Application Security Engineer will: Security controls and best
practices Work closely with product and platform teams to implement
security controls with a focus on Application Security Plan,
implement, upgrade and monitor security measures related to
application security Work closely with functional-area architects,
engineering, and security specialists throughout Pearson VUE to
ensure adequate security solutions and controls are in place
throughout all VUE systems, cloud systems and platforms to mitigate
identified risks sufficiently, and to meet business objectives and
regulatory requirements. Provide security subject matter expertise
on application security and help project teams comply with
enterprise and IT security policies, industry regulations, and best
practices. Assess and understand Pearson VUE current security
posture and future architecture, providing a viable solution path
to bridge the gap. Design security configuration standards,
procedures, and guidelines for platforms such as baseline security
configurations and hardening guides. Communicate security risks and
solutions to business partners and IT staff. Coach developers on
application security Recognize, adopt, and instill industry leading
practices in security engineering throughout the organization
Correctly balance security risk and product advancement Secure
DevOps/Secure SDLC Identify and execute on opportunities to
automate internal, cloud and platform security controls. Provide
subject matter expertise on, and conduct in-depth security reviews
of software applications Identify and propose process improvements
and identify opportunities for new processes and procedures to
reduce risk. Incident Response Support security incident response
as required. Research, designs, and advocates new technologies and
security products that will support security requirements for the
enterprise and its customers, business partners, and vendors.
Contributes to the development and maintenance of the information
security strategy. Evaluates and develops secure solutions, based
on approved security architectures. Security Tooling Administer,
configure, and support security tools Assist with adoption of
new/existing security tools as needed Create/support integrations
of security tools into central analytics system Embrace a culture
of continuous service improvement and service excellence. Stay up
to date on security industry trends. Essential Skills: Bachelor's
degree in Computer Science, MIS, or equivalent technology
discipline 3 years minimum software development required (Java,
.NET) Working knowledge of application development tools,
techniques, and platform technologies Familiar with OWASP Secure
Coding Practices Familiar with Continuous Integration/Continuous
Deployment (CI/CD) processes and concepts Familiar with REST API
technology and methods Ability to develop scripts in Python (or
comparable language) Experience in OOAD, agile processes, design
patterns Some experience with relational database platforms such as
MSSQL, MySQL, NoSQL databases. Some proven ability in security
process and organizational design. Current understanding of
Industry trends and emerging threats. Knowledge of incident
response methodologies and technologies. Desirable Skills:
Experience working in agile environment highly preferred
Well-rounded background in application security. Experience
implementing security controls in a global enterprise IT
environment. Experience driving a culture of security awareness.
Professional IT Accreditations (CISSP, CISM, CCSA, CCSE, JNCIA,
CCNA, CCIE Security). Experience in creating design documents,
performing code reviews Desire to expand knowledge in many
development languages, applications, and tools Proven ability to
quickly learn new processes and tools, business domains and
technical applications Ability to think technically and
analytically Ability to understand philosophy of architecture
Ability to assimilate information, distill knowledge, apply
experience, and provide solution alternatives and recommendations
Must have strong time management skills - including ability to work
well under pressure, plan, set priorities, adapt to change, and
meet established timelines Must be a self-starter and
detail-oriented Must have a "positive" and energetic demeanor
Effective written and verbal communication skills Creative
problem-solving skills Experience with the following tools
(Required): Java or .NET Web Services (SOAP/REST) SQL Angular
Requirements & analysis experience OOAD design Agile development
Design patterns OWASP Top 10 Static code security testing (SAST)
tool experience Dynamic Application Security Tool (DAST or IAST)
experience Experience with the following tools (Preferred): Splunk
New Relic Cloud security Compensation at Pearson is influenced by a
wide array of factors including but not limited to skill set, level
of experience, and specific office location. As required by the
Colorado and New York City laws, the pay range for this position is
as follows: Minimum full-time salary range is between $120,000 -
$160,000. This position is not bonus eligible, and information on
benefits offered is here. \LI-POST Learning is the most powerful
force for change in the world. More than 20,000 Pearson employees
deliver our products and services in nearly 200 countries, all
working towards a common purpose - to help everyone achieve their
potential through learning. We do that by providing high quality,
digital content and learning experiences, as well as assessments
and qualifications that help people build their skills and grow
with the world around them. We are the world's leading learning
company. Learn more at pearsonplc.com. Pearson believes that
wherever learning flourishes, so do people. We are committed to
being an anti-racist company in everything we do. We value the
power of an inclusive culture and a strong sense of belonging. We
promote a culture where differences are embraced, opportunities are
accessible, consideration and respect are the norm, and all
individuals are supported in reaching their full potential. Through
our talent, we believe that diversity, equity, and inclusion make
us a more innovative and vibrant place to work. People are at the
center, and we are committed to a sustainable environment and
workplace where talent can learn, grow, and thrive. To learn more
about Pearson's commitment to a diverse and inclusive workforce,
please click here:
http://www.pearson.com/careers/diversity-and-inclusion.html Pearson
is an Affirmative Action and Equal Opportunity Employer and a
member of E-Verify. We are committed to building a team that
represents a variety of backgrounds, perspectives, and skills. The
more inclusive we are, the better our work will be. All employment
is decided based on qualifications, merit, and business need. All
qualified applicants will receive consideration for employment
without regard to race, ethnicity, color, religion, sex, sexual
orientation, gender identity, gender expression, age, national
origin, protected veteran status, disability status, or any other
group protected by law. Job: TECHNOLOGY Organization: Assessment &
Qualifications Schedule: FULL\_TIME Req ID: 7400 \location This
employer is a corporate member of myGwork - LGBTQ professionals,
the business community for LGBTQ professionals, students, inclusive
employers & anyone who believes in workplace equality.
Keywords: myGwork, Little Rock , Senior Application Security Engineer, Other , Austin, Arkansas
Click
here to apply!
|