100% remote
Summary
Looking for a Senior Application Security Engineer with extensive product security experience and deep expertise in web security, applied cryptography, software security vulnerabilities, knowledge of IAM solutions including federation as well as in-depth knowledge of software security standards/best practices to join our team.
We take security very seriously, and protecting our customers is our highest priority. The right candidate must be a self-starter who is passionate about security and is excited to work in a highly collaborative environment alongside a diverse team of experts every day.
Description
The Senior Application Security Engineer is a technical subject matter expert for multiple areas of application and product security. The Senior Application Security Engineer is responsible for performing design reviews, technical security assessments, and code reviews to highlight risk and help engineering teams improve the overall security of our products. The Senior Application Security Engineer is a security leader within the company, gaining a solid understanding of our products and systems, and ensuring that security is built into development projects. This position requires both deep and broad technical knowledge across various disciplines, and the ability to work hands-on across various software designs and technology stacks.
In addition to having strong technical skills, the Senior Application Security Engineer must be comfortable in effectively communicating with business end users, technical IT teams, business partners, network providers, and business process outsourced vendors, all while being sensitive to a wide diversity of cultural and technical backgrounds in a global business environment.
Serve as a primary technical security resource on product development
Perform design reviews and technical security assessments to highlight risk and help engineering teams improve the overall security of our products
Design and implement security best practices and standards across varied engineering teams and environments
Implement and conduct code reviews with a combination of static testing, manual reviews, and dynamic analysis / pen-testing
Conduct threat modeling, identify & drive risk decisions, and influence technical designs and architectures
Engage with developers to initiate and support remediation
Perform security reviews of new services and features
Build tools to simplify and automate Vulnerability Management processes
Provide engineering designs to mitigate security vulnerabilities in new software solutions
Design and implement tooling and automation for application security (e.g. SAST/DAST in CI/CD)
Perform regular security testing as well as code reviews to improve software security
Maintain technical documentation related to software security
Ensure software security at all levels of architecture
Stay updated with the latest tools and advanced industry practices for software security
Advocate for security culture and educate colleagues across all parts of the company
Please keep job posting as neutral as possible - confidential backfill - no UMG branding
Remote position - Southern California preferred
Skills:
This is a senior position, experience in the application security space with an identity focus is key
Essential:
Develop and implement advanced security techniques according to the technical architecture of our firm
Perform regular security testing as well as code reviews to improve software security
Troubleshoot and debug issues as soon as they arise
Maintain technical documentation related to software security
Provide engineering solutions to mitigate security vulnerabilities in new software initiatives
Ensure software security at all levels of architecture
Continuous alignment with the latest tools and advanced industry practices for software security
Industry certifications such as OSCP, CCSP, SSCP, CISSP
Desirable:
Bachelor's Degree in Computer Science, Engineering, Network Security, or related field with 10+ years related industry experience
Demonstrated excellent technical writing skills and project/program management experience
Multiple language skills a plus.
Skills:
Required
.NET
AUTHENTICATION
B2C
CISSP
CRYPTOGRAPHY
Additional
ENGINEER
ITIL
JAVA
JAVASCRIPT
LDAP
OAUTH
PROBLEM-SOLVING
SAML
SECURITY
SOA
SOFTWARE DEVELOPMENT
SOFTWARE ENGINEERING
WEB SERVICES
ARCHITECTURE
B2B SOFTWARE
DOCUMENTATION
PROGRAM MANAGEMENT
PROJECT MANAGEMENT
SOFTWARE ENGINEER
STRUCTURED SOFTWARE
TECHNICAL ARCHITECTURE
TECHNICAL DOCUMENTATION
WRITING SKILLS
XML
