Application Security Engineer

About the job

Cambridge Mobile Telematics (CMT) is the world’s largest telematics service provider. Its mission is to make the world’s roads and drivers safer. The company‘s AI-driven platform, DriveWell®, gathers sensor data from millions of IoT devices — including smartphones, proprietary Tags, connected vehicles, dashcams, and third-party devices — and fuses them with contextual data to create a unified view of vehicle and driver behavior. Companies from personal and commercial auto insurance, automotive, rideshare, smart cities, wireless, financial services, and family safety industries use insights from CMT’s platform to power their risk assessment, safety, claims, and driver improvement programs. Headquartered in Cambridge, MA, with offices in Budapest, Chennai, Seattle, Tokyo, and Zagreb, CMT serves millions of people through over 95 programs in 25 countries, including 21 of the top 25 US auto insurers.

Our business is growing very fast, and the mission of our team is simple: reduce the risk in our future growth. As our Application Security Engineer, you will join our Security, Privacy, and Compliance Team to help our team with different aspects of the Vulnerability Management (VM) Program.

In this role you will assist the Security, Privacy, and Compliance with enhancing, further developing, and continuously improving CMT’s VM Program. This is a very large domain, and you’ll routinely encounter novel challenges. You will partner with our developers to help our employees understand the different security controls that are in place; and to assist the continuous improvements to our vulnerability management program so we keep pace with the evolving world around us. If you are someone that understands that informed employees and scalable processes are the key to the success of our Security, Privacy, and Compliance Program, we’d love to speak with you.

Responsibilities:

• Perform SAST/DAST/SCA/OSS tool configuration, remediation workflows, automation, and develop solutions to continuously improve the Vulnerability Management program.
• AWS IAM Policy management and AWS Infrastructure security
• Contribute to the design and implementation of the vulnerability management program that leverages a risk-based approach to help evaluate, prioritize, and secure CMT’s systems and applications.
• Maintain patch and vulnerability management best practices to protect against the exploitation of critical application and system vulnerabilities
• Effectively communicate security vulnerabilities and risks to issue owners and assists in remediation efforts
• Participate in the Security Incident Response Team investigation and response activities as required
• Facilitate routine vulnerability management review meetings with stakeholders to drive remediation efforts
• Serve as a subject matter expert on application and system vulnerabilities and threat management
• Participate in the development and maintenance of executive and team dashboards and/or regular reports to communicate department-specific security risks and threats
• Manage other tasks and projects as requested by the Security, Privacy, and Compliance
• Complete any additional tasks as they arise

Qualifications:

• Bachelor’s degree or equivalent years of experience and/or certification in a related field
• 2+ years of relevant working experience
• Knowledge of software development and general understanding of mobile development/SDK artifacts/build pipelines
• Knowledge of DAST / SAST and related vulnerability management tools – such as Qualys, Veracode, Synopsys, Github Advanced Security
• Familiar with Pen Testing and Threat Modeling
• Demonstrated understanding of common security standards/frameworks, e.g. CVE, CVSS, MITRE
• Experience with scripting/programming for automation
• General understanding of of Identity and Access management in cloud based platforms like AWS
• Excellent verbal and written communication skills, being able to communicate the importance of certain projects and metrics to team members, cross-functional partners, and management
• A can-do attitude and an adaptable mindset that fosters the ability to learn new technologies and concepts quickly Knowledge, Skills, Abilities and Competencies

Compensation and Benefits:

• Fair and competitive salary based on skills and experience
• Equity in the form of Restricted Stock Units (RSUs)
• Private healthcare
• Life insurance
• Parental leave
• Flexible scheduling and work from home policy depending on role and responsibilities

Additional Perks:

• Feel great working to improve road safety around the world!
• Join one of our many employee resource groups including Black, AAPI, LGBTQIA+, Women, Book Club and Health & Wellness
• Extensive wellness, education and employee assistance programs
• CMT will do all that is possible to support our employees and create a positive and inclusive work environment for all!

Commitment to Diversity and Inclusion:

At CMT, we are intensifying our commitment to provide opportunities and career growth to the underrepresented. We are focused on creating an inclusive work environment that encourages a diversity of background and thought to produce the best products and services within our industry.

CMT is an equal opportunity employer and strives to create an inclusive and diverse environment that enriches our employees’ lives in and outside of work. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status or disability state. CMT is headquartered in Cambridge MA. To learn more, visit www.cmtelematics.com and follow us on Twitter @cmtelematics.