Associate Security Engineer – Application & Product Security

About The Position

Requirements

• High School Diploma or GED required.
• 0-2+ years Information Security experience.
• 0-2+ years Application/Product Security experience.
• 0-2+ years API Security analyst experience.
• Knowledge of security offerings within one or multiple major cloud platforms (Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), etc.) preferred.
• Knowledge of container and service-oriented security architecture for cloud-based services preferred.
• Knowledge with a modern SDLC including CI/CD pipelines, cloud architecture, API economies, and container deployment preferred.
• Knowledge of enterprise applications (support, and troubleshooting) preferred.
• Understanding of OWASP API Security Top 10
• Demonstrated self-starter with strong analytical skills.
• Ability to manage multiple tasks simultaneously and meet established deadlines.
• Ability to collaborate with business teams on technology & security-related controls, tasks, and projects.
• Ability to work productively while remote and communicate effectively in a virtual team and on location hybrid work environment.
• Ability to work within agile and waterfall project methodology.
• Ability to stay current with new technology.
• Ability to support appropriate Information Security and Technology standards to meet business requirements.

Nice To Haves

• Bachelor’s degree in Information Security, Computer Science, Information Systems, or another related field is preferred.
• Security+ and GSEC security certifications are preferred.
• Knowledge of application security tools, functions, and services similar to Snyk, Veracode, Netsparker, BurpSuite, Imperva, Radware, BugCrowd, SD Elements, OPSWAT, Okta, ThreatMetrix, and Auth0 preferred.

Responsibilities

• Support Security Enablement via an Agile Method
• Support the AVP, Application and Product Security in implementing a robust Customer Identity and Access Management (CIAM) function to ensure security and privacy aspects to registration, authentication, self-service, personalization of experience and privacy of member data is secure and meets required regulatory requirements.
• Support program strategy for API security, mergers and acquisitions evaluations, and open-source security.
• Support the AVP, Application and Product Security in the implementation of secure engineering practices such as design & code reviews, API security reviews, threat modeling, penetration testing, continuous integration, and security focused behavior-driven development.
• Support the design development, and validation of secure code of systems, solutions and processes from a security perspective and premise, hybrid and with multiple cloud providers.
• Support application security continuous improvement plan and drive execution by driving best practices within teams with respect to security policies, procedures, standards, and guidelines in line with industry leading practices for on-prem, hybrid and cloud specific environments, application and product development.
• Support secure development through the CI/CD pipelines, toolchains, and operations on secure code practices.
• Perform other duties and responsibilities as assigned.
• Maintain and optimize existing APIs for Confidentiality, Integrity, and Availability.
• Support secure API code reviews with internal and external product teams.
• Support secure API development through the CI/CD pipelines, toolchains, and operations on secure code practices.
• All employees and business units, as first line of defense, are expected to proactively help identify, assess, manage, and report risks within their domain of work.
• To enhance a healthy risk culture and support our growth for good pillar, employees will maintain vigilance in safeguarding our operations while ensuring compliance with regulatory mandates.

Benefits

• competitive pay
• an excellent benefit package that includes a 401(k) Plan
• an extensive paid technical and on-the-job training program
• tuition reimbursement