Application Security Engineer

Responsibilities

As a direct report to the Manager of Application Security, you will have the following accountabilities:

  • Partner with security architects, other functional-area architects, engineering, and security specialists to ensure adequate security solutions and controls are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements;

  • Drawing on your own strong development background in prominent web or mobile development languages and frameworks, provide advanced security remediation advice directly to development and testing teams;

  • Provide expert-level guidance to security analysts, testers, and development teams during application security assessments. Must be able to identify, re-create, and remediate security defects;

  • Design, develop, and implement automation features into our existing security pipeline. Experience with Django / Python required. Experience with Go a plus. Working knowledge of automated application security-related tools such as AppSpider, Checkmarx, Qualys, and Nessus;

  • Ability to perform manual assessments via tools such as HTTP Proxies (BurpSuite Pro, OWASP ZAP), automation scripts, shell scripting w/ curl, fuzzers and other commercial and open source tools;

  • Experience implementing and integrating Selenium into security / regression testing a plus;

  • Experience using and testing REST and/or SOAP APIs;

  • In-depth knowledge of common web application security flaws and secure coding practices and the ability to clearly explain security issues to project and development staff;

  • Advocate for OWASP Application Security Verification Standard (ASVS) as an internal standard, explain how it applies to application development teams, and why it matters;

  • Ability to prioritize and track security issues and work with the necessary teams to ensure remediation;

  • Serve as a leader by promoting security awareness, mentoring other team members, and staying up-to-date on current development methodologies (Agile/DevOps);

  • Understand HTTP, REST, SOAP, XML and JSON as they relate to APIs and AJAX;

  • Ensure Pearson’s Application Security controls are aligned with, and take advantage of, AWS / Azure / Rackspace / vSphere APIs and the cloud SDKs;

  • Embrace a culture of continuous service improvement and service excellence; and

  • Stay up to date on security industry trends.

 

Candidate Profile

  • 2 years+ in Information Security space;

  • 5 years+ in enterprise software development;

  • Strong experience with modern development languages and frameworks, with a passion to make security realistic, achievable and interwoven with the business fabric;

  • Strong oral, written, and presentation abilities - able to convey risk to all levels of the business, from C-level executives to operations and development teams;

  • Strong experience in migrating enterprise companies from traditional data center infrastructure, application and data designs to hybrid or fully cloud-enabled practices;

  • Strong experience with cloud provider ecosystems, including Amazon AWS, Microsoft Azure, and OpenStack.

  • Strong understanding of web applications and architectures, relational and non-relational databases, and hardware architectures, and the ability to effectively apply the principles of information security to IT environments;

  • Strong experience working in a multi-platform, multi-protocol, distributed enterprise computing environment;

  • Strong understanding of modern application development and operational philosophies

  • Some experience with Unix/Linux and Windows system administration;

  • Some understanding of governance frameworks such as ITIL and ISO 27001;

  • Some project management experience: able to assess needs, define objectives, identify resources needed to achieve objectives and begin implementation towards goal completion;

  • Must be able to work effectively alone and as part of a larger project team.

  • Current understanding of industry trends and emerging threats; and

  • Knowledge of incident response methodologies and technologies.

 

Please click the link to apply https://pearson.taleo.net/careersection/ex/jobdetail.ftl?job=1612807