Sorry, this job is no longer accepting applications. See below for more jobs that match what you’re looking for!

Application Security Engineer

Expired Job

AAA Of Southern California Los Angeles , CA 90009

Posted 4 months ago

Teamwork. Integrity. Dedication.

Together, we make a difference.

If you are a career-minded, service-driven professional looking to join a fast paced organization then you have come to the right place. AAA is a member service organization affiliated with the national AAA network. With offices across the U.S., we're united by common mission and common values of excellent member service. With more than 13,000 employees in 21 states, we provide legendary service to 15 million loyal members. With a constantly growing membership, we are always welcoming dedicated professionals looking to challenge themselves and build a career within our dynamic organization. You will find that being part of a very successful team is extremely rewarding.

The Automobile Club of Southern California is seeking career-minded individuals for our Applications Security Engineer/Consultant opportunity in our Los Angeles office (LAHQ).

The role:

This role is an essential part ofthe Application Security Program implementation in ACE addressing one of keyrisks for the company. This position will help define and validate theimplementation of application security controls on ACE systems andapplications. The Applications Security Engineer will contribute to theimplementation of new security standards and processes within ACE's applicationdevelopment community.

Responsibilities:

  • Integrating security tools, standards, and processes into the software development life cycle (SDLC).

  • Ensuring that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities.

  • Improving and supporting application security tool deployments including static and dynamic analysis and runtime testing tools.

  • Improving and maintaining secure development standards.

  • Supporting the incident response and architecture review processes whenever application security expertise is needed

  • Assisting with application framework and perimeter security improvement projects.

  • Supporting Vendor Security activities to ensure 3rd-party software and development meets security standards.

  • Assisting with identifying security requirements for test-driven design.

  • Producing metrics reporting the state of application security programs and performance of development teams against standards.

  • 6-8 years related experience and/or training; or equivalent combination of higher education and experience

  • Thoroughunderstanding of the OWASP 10 Ten and/or SANS Top 25 application securityvulnerabilities, how to detect then, fix them, and most importantly, how toexplain them to developers.

  • Experience inperforming testing of new and existing applications for securityvulnerabilities.

  • Knowledge of programming language and development tools in any of the following technology stacks:

  • Windows Development API's including C#, .NET architecture, WMI, Active Directory, etc.

  • C/C , GNU tool-chain, Linux development environment (core java) and scripting in Linux shells.

  • Mobileapplication development: Objective-C, Swift, Lua, etc.

  • A solid foundation in computer science, with strong competencies in data structures, design patterns, object-oriented programming, algorithms and software design.

  • Strong fundamentals of topics in Operating systems (e.g. virtual memory, IPC, processes, threads, kernel, scheduler, I/O, file systems

  • Excellent analytical skills with the ability to resolve technical issues as both an independent thinker and team member with a focus of action with results.

  • Good verbal and written communication skills

Additional assets:

  • Solid knowledge of and experience with web service technologies such as XML, REST, SOAP, AJAX, JSON, HTML5, JavaScript, and CSS3

  • Background in web and/or mobile application security and penetration testing techniques

  • Experience with an application security testing tool or tools such as HP Fortify, VeraCode, Contrast, Checkmarx, ZAP, etc.)

  • Ability and willingness to quickly learn new skills, flexibility to work in an agile and fluid environment

  • Experience with integrating security tasks into development processes

  • Participated in security operations support and incident handling

Benefits:

  • Health Coverage for Medical, Dental, Vision

  • Paid time off including Vacation, Illness and Holidays

  • Life Insurance

  • Disability Coverage

  • Pension

  • 401k Savings Plan

  • Employee Discounts

  • Career opportunities across multiple business lines and states

'Creating members for life by exceeding our members' expectations through valuable products and legendary service.'

AAA is an Equal Opportunity Employer.

The Automobile Club of Southern California will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable federal, state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.


See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Application Security And Vulnerability Engineer

Bank Of Hope

Posted 7 days ago

VIEW JOBS 11/9/2018 12:00:00 AM 2019-02-07T00:00 Summary: Protect Bank of Hope and its customer's reputation by building security as part of the design in applications and operating systems. This is an exciting Application Security and Vulnerability Engineer, Vice President role, reporting directly to the Information Security Compliance Manager. This position is responsible for functioning primarily in one or more of the following security controls: 1. Static Application Security Testing (SAST) 2. Dynamic Application Security Testing (DAST) 3. Vulnerability Assessments (VA) Major Responsibilities: Secure Code Analysis (40%) Vulnerability Assessment (40%) * Manage, lead and architect a scalable implementation plan of Secure SDLC controls (e.g., SAST, DAST) that includes onboarding, remediation guidance, issue tracking and metrics * Persistent drive to significantly increase the usage of Secure SDLC controls (e.g., SAST, DAST) * Partner with the Application Development team and our external vendors to manage Secure SDLC tools so they are efficient and effective * Examine current Secure SDLC and VA practices such as insecure coding, insecure configuration, process improvements, lack of integration and be relentless in executing projects to address the risk or to simply continuously improve * Demonstrate vulnerabilities, explain risk (e.g., likelihood, impact) and provide or facilitate remediation or mitigation coaching so the end user knows how to make a more secure application, achieve compliance Governance (10%) * Provide input into the application security policies and standards taking the risk appetite of the organization into account * Ensure processes and procedures are documented and maintained Intelligence Threat Intelligence (10%) * Stay up-to-date on attack intelligence by collaborating internally via our Threat Operations (TOC) and Security Operations Center (SOC) teams and externally via conferences, virtual training, monitoring attacker forums, reading relevant publications or blogs * Filter intelligence and share insight relevant to BANK OF HOPE for both technical and business audiences Qualifications: Technical Qualifications * Minimum 2 years of experience needed * Subject matter expertise in application security and vulnerability assessments * Deep experience building out or managing an enterprise wide Secure SDLC controls such as SAST, DAST or SCA * Familiar in .NET or Java is highly desirable * Familiar with IDEs Visual Studio, eclipse or IntelliJIDEA * Familiar with SDLC methodologies such as Waterfall, Agile, CI/CD and DevSecOps * Familiar with defect management systems such as Jira * Familiar with build systems such as Jenkins or Maven * Familiar with application security tools such as Veracode SAST, Veracode SCA, Qualys WAS, * Familiar with regulations such as FFIEC or GLBA * Relevant certification is not required but a plus such as CSSLP, GIAC-GSSP-JAVA, GIAC-GSSP-NET, GIAC-Web, CEH, CISA, CRISC, or CISSP Soft Skills Qualifications * Self-Starter – takes the lead to find and solution problems * Communication – ability presenting verbally and orally to business and technical staff in a clear and engaging method * Strategic – able to absorb and analyze information that allows you to make better future decisions * Executing – able to make things happen and get things done * Management – directs, controls and prioritizes work effectively and efficiently * Teamwork – thrives on collective wins * Bank of Hope is an Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law. Bank of Hope will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the employer's legal duty to furnish information. * Please view Equal Employment Opportunity Posters provided by OFCCP here. Bank Of Hope Los Angeles CA

Application Security Engineer

Expired Job

AAA Of Southern California