Senior Application Security Engineer

About the job

Position Overview

Under limited supervision, monitors, evaluates, and maintains the security and integrity of the global systems, to safeguard data systems. Assists technical efforts for ensuring security is applied to the technology platforms and information within the organization in accordance with established standards and policies. Responsible for participating in application security assessments and remediation activities while working with application development teams to meet the requirements of the Secure Software Development Lifecycle (SSDLC).

Responsibilities

  • Assist with the evaluation, design, maintenance, and the upgrades of software that provides security services to all RGA associates and clients worldwide.
  • Participates in code reviews and design reviews for application security. Leads reviews in designated areas such as secrets management.
  • Participates in the administration of various security services that monitor systems and programs and assists with internal and external security scanning as well as automation of security processes into CI/CD pipelines.
  • Interprets security scan results and ensures risks are addressed for the SSDLC and other standards.
  • Ensures user community understands and adheres to necessary procedures to maintain application security.
  • Perform other duties as assigned.

Requirements

Education

Required: Bachelor’s degree or equivalent experience

Preferred: Master’s degree and/or LOMA certification

Required Experience

  • 5+ years’ experience in information systems.
  • Basic knowledge of firewalls and maintenance of secure network environment.
  • Knowledge of basic routed internal networks, secrets management, and AuthN/AuthZ technologies.
  • Knowledge of OWASP Top Ten application security assessments and code reviews.
  • Knowledge of security testing tools such as Burp Suite or Zed Attack Proxy.
  • Strong analytical and problem-solving skills.
  • Strong oral and written communication skills.
  • Ability to work well within a team environment.
  • Ability to work with limited supervision.
  • Ability to multi-task.

Technical Requirements

  • Unix based security
  • Unix
  • Firewall Systems
  • Mail Exchange
  • Web Proxy
  • Anti-virus software
  • VPN
  • Log analysis
  • TCP/IP

Preferred Experience

  • 6+ years’ experience
  • Insurance industry knowledge
  • Knowledge of Web server environment and email exchange
  • Experience in GDPR, SOC 2 compliance, and NIST 800-53 controls.
  • Experience in public and hybrid cloud environments such as AWS.

Preferred Technology Experience

  • Intrusion detection and prevention
  • Web application development technologies
  • SSL VPN

Company Overview

RGA Empowers Employees. It’s one thing to hire smart people, it’s another to empower them. This is one of the most important differences between RGA and its competitors. RGA empowers its employees to use their intelligence and creativity to find solutions for its customers. To be proactive in their approach to bringing value to our customers.

More Information

Apply for this job

Leave your thoughts