Information Security Specialist I

Job Summary

Farmers Information Security is a great place to learn and grow as an information security professional.
We are looking for a talented cybersecurity professional to join our team. The successful applicant will have a passion for the security discipline and a willingness to learn fast.

Essential Job Functions

This role will be a key member of a vital team responsible for defending Farmers Insurance and our customers from cybersecurity threats, and will help drive our application security and reporting efforts. The team’s responsibilities include:
• Maintaining and driving the adoption of our application security tools.
• Ensuring that all applications meet security requirements.
• Working with our application developers to remediate identified code flaws.
• Driving secure coding training and evangelizing secure coding best practices.
• Integrating security into DevOps processes.
• Making recommendations for necessary changes to our security controls to address emerging security threats.
• Build and manage relationships with a wide network of local business and IT front-line and senior stakeholders.
• Working with assigned business units to help them comply with Farmers information security policies and keeping the IT leads informed of their security posture.
• Analyzing complex data about application security risk and compliance, and presenting that information to Farmers leadership and other stakeholders.
• Identify, assess, document, and articulate all types of data security and data privacy risks in addition to appropriate countermeasures and controls to address data security and data privacy concerns.
• Participate in audits of cyber programs and projects. Track audit findings and recommendations to ensure appropriate mitigation actions are taken.
• Create, review, and update security policies, procedures, standards and guidelines.

Education Requirements

Experience Requirements

We’re looking for someone with moderate experience working on information security issues (5-7 years), and a demonstrated passion for the security discipline. Other requirements:
• Experience with application security tools and processes (Web Application Firewalls, Static Application Security Testing, API Security, etc.).
• Exposure to Agile and DevSecOps.
• Intellectual curiosity about cyber security issues. You stay current on industry trends and emerging risks.
• Flexibility. The duties of this role will likely evolve based on the interests and capacity of the individual hired.
• Demonstrated critical thinking skills to create and articulate logical, risk-based outcomes.
• Commitment to being detail-oriented and observant in order to identify opportunities for process improvement.
• Understanding of a broad range of security technologies and how they work, but not necessarily all of the details.
• Strong written and verbal communication skills. Ability to communicate technical topics to non-technical audiences.
• Problem solving skills. You don’t give up. You find a way.

Experience in one or some of the following areas is preferred but not required:
• Investigating cyber incidents.
• Log collection and analysis.
• Vulnerability and patch management.
• Operating and trouble-shooting security tools (SIEM, endpoint agents, CASB, etc.).
• Threat intelligence and risk assessment.
• Conducting third-party risk assessments.
• Security best practices including experience with NIST 800-53, ISO27001 and PCI DSS.
• Functional knowledge of at least one scripting language.