Sr. Application Security Engineer - Cyber Defense Professionals

Job Expired

Job Details

Description

Sr. Application Security Engineer

Summary

This position will report to the Director of Information Security and is responsible for leading NLG’s Application Security program. This individual will be the primary liaison between Information Security and Applications Development, ensuring ongoing communication, education and security testing across the teams. The Sr. Application Security Engineer is the organization’s primary application security expert to ensure client and server-side software implementations are designed and implemented using the best security practices. This role will also be expected to help ingrain secure software development practices into the culture of the organization.

Watch this video to learn more about who we are: https://www.nationallife.com/Careers?wvideo=hkhrdqkqot

What You’ll Find at National Life Group

Competitive pay and outstanding health, wellness and insurance benefits
Lucrative 401k employer match
Genuine opportunities for growth and career advancement
Over $5K in annual tuition reimbursement, including full tuition sponsorship for completing your undergraduate and graduate degrees with University Arizona World Campus
Generous paid time off and holidays
40 hours of paid community service hours annually
A culture committed to inclusion and diversity
Onsite fitness centers at both our Vermont and Texas locations
Paid family leave

Key Responsibilities

Align with and support the execution of the Information Security program’s vision and strategy
Formalize and evangelize secure software development lifecycle practices (SSDLC)
Define security requirements within the SSDLC to communicate security requirements based on data classification.
Serve as a technical point of contact for product teams as it relates to automation, CI/CD, and Application Security Operations
Design and implement security features across a variety of application and OS platforms
Perform regular web and mobile application assessments to identify vulnerabilities and collaborate with stakeholders to remediate.
Perform regular reviews to ensure SSDLC is being followed
Define technical and functional requirements covering areas of software design, including microservice APIs, Cloud Services (Azure, AWS, etc.), and XaaS integration
Regularly monitor and respond to events in Azure Security Center
Perform software reviews, analyze security flaws and risks, and influence product designs.
Perform formal threat model analysis on multiple client and server-side software programs.
Work with validation teams to determine best methods to test product security. Familiar with penetration testing and in some cases, can design and perform your own penetration tests.
Investigate reported security incidents on our software and act as the communication point for executive updates in those situations.
The role requires a practical view of the trade-offs of security and needs to be able to find acceptable compromises in terms of cost, schedule, and features.
Serve as an information security subject matter expert and trusted advisor by providing advisory and consulting services as required
Understand current and emerging security threats and partner with architecture to mitigate threats
Stay abreast of new security technologies and integrate into security design when appropriate

Job Requirements

Bachelor’s degree in Computer Science or related field, or demonstrated equivalent experience required
7 – 10 years of experience in application security and/or leading secure coding development
Coding experience with .NET, Java, JavaScript, and/or Python experience required. Windows development experience required. This role requires the ability to identify code security flaws across multiple platforms.
Experience designing and implementing Container Security, API Security, and Azure Cloud Security.
Strong knowledge of Containerization technologies such as; Kubernetes, OpenShift, Docker
Experience in encryption and authentication methodologies.
Experience reviewing vulnerability assessments and code security reviews.
Experience with security technologies and assessment tools.
Deep understanding of OWASP Top 20, CWE 25, Data Protection
Basic familiarity with waterfall and agile development processes and have experience integrating secure development practices into both models.
Deep knowledge and experience in using SAST, DAST and fuzz testing tools
Basic understanding of application, network, operating system, and core infrastructure security concepts and concerns
Understanding of emerging technologies in IT such as a Cloud Platform and Mobile BYOD as well as the associated security risks
Certification or willingness to attain certification within 18 months, CISSP or CSSLP certifications preferred.
Strong analytical and problem-solving skills.
Ability to meet established deadlines; must be a self-starter and be able to work independently as well as being a team player.
Excellent communication and presentation skills, with the ability to present ideas in a collaborative team setting and in a user-friendly language.
Ability to multitask
Must be able to react quickly and efficiently to production issues.
Strong facilitation skills and a clear ability to build strong relationships with business stakeholders at all levels, including senior managers and suppliers.
Energy and a clear passion for the role.
Demonstrated personal values aligned with our servant leadership tenants.
Must be able to successfully pass a background check.