Sr Application Security Engineer

Disney Glendale, AZ 85301

Posted 2 months ago

Job Description:

Drive secure development practices by:

  • Analyzing source code, with both manual and automated tools, for security-related weaknesses and common problems

  • Performing manual and automated analysis on applications using open source and custom tools

  • Proactively testing using a mix of static and dynamic application security tests (SAST and DAST)

  • Preparing summary security review reports which quantify and communicate the risk of the vulnerabilities

  • Partnering with development teams to ensure risk is understood, as well as to track and validate all remediation tasks

Drive efficiency improvements by:

  • Analyzing processes and toolsets to continuously identify areas for automation and improvement

  • Assisting in tools and dashboards development

  • Authoring white papers and standards, ensuring best practices are documented and easily understood by the development community

  • Mentoring junior members of staff

  • Speaking the engineering team's language and demonstrating real, practical risk and value.

Being an ambassador for the security team, building relationships with the development teams' security specialists to make certain they engage early and often, ensuring security is an enabler, not a blocker.

Job Type: Full Time

Alternate Location-State/Region: WA

Segment: Direct-to-Consumer and International

Category: Technology

Business: Direct-to-Consumer and International

Postal Code: 91201

Alternate Country / Region: US

Alternate Location-City: Seattle



