Sr. Application Security Engineer
This position will report to the Director of Information Security and is responsible for leading NLG’s Application Security program. This individual will be the primary liaison between Information Security and Applications Development, ensuring ongoing communication, education and security testing across the teams. The Sr. Application Security Engineer is the organization’s primary application security expert to ensure client and server-side software implementations are designed and implemented using the best security practices. This role will also be expected to help ingrain secure software development practices into the culture of the organization.
Watch this video to learn more about who we are: https://www.nationallife.com/Careers?wvideo=hkhrdqkqot
What You’ll Find at National Life Group
- Competitive pay and outstanding health, wellness and insurance benefits
- Lucrative 401k employer match
- Genuine opportunities for growth and career advancement
- Over $5K in annual tuition reimbursement, including full tuition sponsorship for completing your undergraduate and graduate degrees with University Arizona World Campus
- Generous paid time off and holidays
- 40 hours of paid community service hours annually
- A culture committed to inclusion and diversity
- Onsite fitness centers at both our Vermont and Texas locations
- Paid family leave
- Align with and support the execution of the Information Security program’s vision and strategy
- Formalize and evangelize secure software development lifecycle practices (SSDLC)
- Define security requirements within the SSDLC to communicate security requirements based on data classification.
- Serve as a technical point of contact for product teams as it relates to automation, CI/CD, and Application Security Operations
- Design and implement security features across a variety of application and OS platforms
- Perform regular web and mobile application assessments to identify vulnerabilities and collaborate with stakeholders to remediate.
- Perform regular reviews to ensure SSDLC is being followed
- Define technical and functional requirements covering areas of software design, including microservice APIs, Cloud Services (Azure, AWS, etc.), and XaaS integration
- Regularly monitor and respond to events in Azure Security Center
- Perform software reviews, analyze security flaws and risks, and influence product designs.
- Perform formal threat model analysis on multiple client and server-side software programs.
- Work with validation teams to determine best methods to test product security. Familiar with penetration testing and in some cases, can design and perform your own penetration tests.
- Investigate reported security incidents on our software and act as the communication point for executive updates in those situations.
- The role requires a practical view of the trade-offs of security and needs to be able to find acceptable compromises in terms of cost, schedule, and features.
- Serve as an information security subject matter expert and trusted advisor by providing advisory and consulting services as required
- Understand current and emerging security threats and partner with architecture to mitigate threats
- Stay abreast of new security technologies and integrate into security design when appropriate
- Bachelor’s degree in Computer Science or related field, or demonstrated equivalent experience required
- 7 – 10 years of experience in application security and/or leading secure coding development
- Experience designing and implementing Container Security, API Security, and Azure Cloud Security.
- Strong knowledge of Containerization technologies such as; Kubernetes, OpenShift, Docker
- Experience in encryption and authentication methodologies.
- Experience reviewing vulnerability assessments and code security reviews.
- Experience with security technologies and assessment tools.
- Deep understanding of OWASP Top 20, CWE 25, Data Protection
- Basic familiarity with waterfall and agile development processes and have experience integrating secure development practices into both models.
- Deep knowledge and experience in using SAST, DAST and fuzz testing tools
- Basic understanding of application, network, operating system, and core infrastructure security concepts and concerns
- Understanding of emerging technologies in IT such as a Cloud Platform and Mobile BYOD as well as the associated security risks
- Certification or willingness to attain certification within 18 months, CISSP or CSSLP certifications preferred.
- Strong analytical and problem-solving skills.
- Ability to meet established deadlines; must be a self-starter and be able to work independently as well as being a team player
- Excellent communication and presentation skills, with the ability to present ideas in a collaborative team setting and in a user-friendly language
- Ability to multitask
- Must be able to react quickly and efficiently to production issues
- Strong facilitation skills and a clear ability to build strong relationships with business stakeholders at all levels, including senior managers and suppliers
- Energy and a clear passion for the role
- Demonstrated personal values aligned with our servant leadership tenants
- Must be able to successfully pass a background check
National Life Group® is a trade name of NLIC, Montpelier, VT, Life Insurance Company of the Southwest (LSW), Addison, TX and their affiliates. Each company is solely responsible for its own financial condition and contractual obligations. LSW is not an authorized insurer in NY and does not conduct insurance business in NY.
This role is not open to applicants residing or otherwise based in Colorado and cannot be performed in Colorado.
Job Code : 06ITIT69
- Address Dallas, TX, USA
- Salary Offer $100.000 ~
- Experience Level Senior
- Total Years Experience 5-10
- Academic Degree Bachelors