Application Security Eng

Allstate Charlotte, NC 28202

Posted 1 week ago

Application Security Engineer

Req ID 115493 - Posting Start Date 2019-03-19

Job Summary

In addition to Irving, TX, we are open to candidates in the Charlotte, NC & Tempe, AZ markets to work in our offices in those locations.
Company Technology & Strategic Ventures team is embarking on a journey to integrate security inside the software development lifecycle. Application Security is tasked to develop a security framework within the Company SDLCs, establish a software security assurance process, and work with product delivery teams to build applications securely from start to finish.

The Application Security Engineer will be responsible for integrating security into the development of Company’s applications. The Application Security Engineer will work closely with the product and software development team to threat model, vulnerability scan, and pen test the early software, system, and network architecture and identify required control points in the application stack. The Application Security Engineer will also work closely with developers to diagnose, document, and remediate application security vulnerabilities. The Application Security Engineer will also be responsible for evaluating, recommending, and implementing application security related software in an automated continuous integration/deployment environment.

Key Responsibilities

  • Work closely with application development and platform teams to help formulate and implement a strategy for software security that is tailored to the specific risks facing the organization, including threat modeling and applications security advisement services.
  • Develop and maintain a balanced application security program based on a well-defined application security framework.
  • Conduct application security assessments / penetration tests and implement tools for dynamic/automated code reviews.
  • Ensure application design and implementation best-practice with role-based and appropriate access standards, as well as integration with Identity and Access Management environments.
  • Ensure compliance with society, regulatory, and industry standards for application security.
  • Continuously evaluate the organization’s existing application security practices, define and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the organization.
  • Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.
  • Conduct code reviews and penetration testing.
  • Develop and maintain unit and integration tests designed to ensure security controls are tested on every build.

Job Qualifications

The ideal candidate would be 50% programmer and 50% hacker. Examples of qualifications that resemble this profile are as follows:

  • 3-5 years’ experience in a software development field such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer
  • Highly proficient in at least one of the following development languages: Java, .NET, Node.js, or Python
  • Possess a strong understanding of application architectural patterns, such as MVC, Microservices, Event-driven etc.
  • Creative, organized, responsive, and highly thorough problem solver
  • Possess strong business acumen with ability to work with application development, QA and security teams
  • Possess a restlessness or desire to break into things
  • Knowledge of the OWASP Top 10
  • Strong self-starter who has the ability to operate independently
  • Has solid understanding and experience with establishing software development policies across an organization
  • Excellent oral/written presentation skills with ability to communicate effectively with senior executive leadership; proficiency in preparation of presentations, analytical reports, and documents regarding program operational status, achievement and performance
  • Understanding and Passion for Agile/XP/Scrum/Kanban
  • Understanding of Test Driven Development built on User Stories
  • Understanding of Continuous Integration/Testing/Delivery
  • Familiarity with Metasploit, Burp Suite, Fuzzing, Gauntlt, and Jenkins is preferred
  • Familiarity with code reviews and penetration testing preferred
  • College degree with advanced degree preferred
  • OSCP, OSCE, or OSWE Certifications are a major plus

The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.


Similar Jobs

Application Security Consultant

Pwc

Posted 1 week ago

A career in Information Security, within Internal Firm Services, will provide you with the opportunity to develop and support our internal security technologies and services across the entire global and local PwC network. You'll focus on being at the forefront of designing, developing, and implementing information technology including hardware, software, and networks that enhance the security of internal information and protect our firm's intellectual assets.

To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be an authentic and inclusive leader, at all grades/levels and in all lines of service. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.

As a Manager, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

  • Pursue opportunities to develop existing and new skills outside of your comfort zone.
  • Act to resolve issues which prevent effective team working, even during times of change and uncertainty.
  • Coach others and encourage them to take ownership of their development.
  • Analyse complex ideas or proposals and build a range of meaningful recommendations.
  • Use multiple sources of information including broader stakeholder views to develop solutions and recommendations.
  • Address sub-standard work or work that does not meet firm's/client's expectations.
  • Develop a perspective on key global trends, including globalisation, and how they impact the firm and our clients.
  • Manage a variety of viewpoints to build consensus and create positive outcomes for all parties.
  • Focus on building trusted relationships.
  • Uphold the firm's code of ethics and business conduct.

Job Requirements and Preferences

Basic Qualifications:

  • Minimum Degree Required: High School Diploma
  • Minimum Years of Experience: 4 year(s) progressive professional roles involving information security and/or IT management.

Preferred Qualifications:

  • Degree Preferred: Bachelor Degree

Preferred Knowledge/Skills:

Demonstrates extensive knowledge and/or a proven record of success in the following areas:

  • Understanding risk management principles or another technical domain related to Risk Management that is applied in the context of a broader understanding of Risk Management, related systems and processes;
  • Contributing to the development of new subject matter or technical domain specialization related to Risk Management;
  • Influencing others through a small team of direct reports, through work on projects and in teams, or through leading portions of larger projects;
  • Encouraging improvement and innovation within Risk Management and nurturing and developing less-experienced staff through coaching and written and verbal feedback;
  • Performing Risk Management tasks with autonomy;
  • Understanding information security controls & ISMS standards such as ISO27001/2, CobIT, CRISC etc.; and,
  • Understanding SOC2 compliance standards.

Demonstrates extensive abilities and/or a proven record of success in the following areas:

  • Resolving multi-faceted problems by continuously applying significant independent judgment and by collaborating with others;
  • Balancing business stakeholders and a central technology service organization;
  • Navigating a matrix organization;
  • Collaborating with multiple stakeholders across functional and technical skillsets;
  • Working effectively in a global professional services organization, preferably in the financial services industry; and,
  • Managing multiple relationships and stakeholders throughout major transformation.

All qualified applicants will receive consideration for employment at PwC without regard to race; creed; color; religion; national origin; sex; age; disability; sexual orientation; gender identity or expression; genetic predisposition or carrier status; veteran, marital, or citizenship status; or any other status protected by law. PwC is proud to be an affirmative action and equal opportunity employer. For positions based in San Francisco, consideration of qualified candidates with arrest and conviction records will be in a manner consistent with the San Francisco Fair Chance Ordinance.

Pwc Charlotte NC
