Application Security Engineer
Company: Pearson
Location: Des Moines
Posted on: March 17, 2023
|
|
|
Job Description:
Application Security Engineer you will be responsible for
testing, designing, and implementing security controls and
solutions driven by CISO and company policies and standards to
reduce the risk to Pearson VUE and its customers. This includes
enterprise-level design work for system security, cloud security,
identity and access management, data protection and many more.
The Application Security Engineer is a member of the Cyber Security
team and is responsible for reviewing security designs,
implementing technical security controls, and designing security
solutions. They will help implement the information security
design, enforce compliance with security policies and controls and
function as a technical security expert on various projects. This
is a mid to senior technical role.
The Application Security Engineer will:
Security controls and best practices
Work closely with product and platform teams to implement security
controls with a focus on Application Security
Plan, implement, upgrade, and monitor security measures related to
application security
Work closely with functional-area architects, engineering, and
security specialists throughout Pearson VUE to ensure adequate
security solutions and controls are in place throughout all VUE
systems, cloud systems and platforms to mitigate identified risks
sufficiently, and to meet business objectives and regulatory
requirements.
Provide security subject matter expertise on application security
and help project teams comply with enterprise and IT security
policies, industry regulations, and best practices.
Assess and understand Pearson VUE current security posture and
future architecture, providing a viable solution path to bridge the
gap.
Assess and understand the current and planned security posture for
platforms (e.g. servers, databases, web servers), providing
recommendations for improvement and risk reduction;
Design security configuration standards, procedures, and guidelines
for platforms such as baseline security configurations and
hardening guides.
Communicate security risks and solutions to business partners and
IT staff.
Coach developers on application security
Recognize, adopt, and instill industry leading practices in
security engineering throughout the organization
Correctly balance security risk and product advancement
Secure DevOps/Secure SDLC
Identify and execute on opportunities to automate internal, cloud
and platform security controls.
Provide subject matter expertise on, and conduct in-depth security
reviews of software applications
Identify and propose process improvements and identify
opportunities for new processes and procedures to reduce risk.
Incident Response
Support security incident response as required.
Research, designs, and advocates new technologies and security
products that will support security requirements for the enterprise
and its customers, business partners, and vendors.
Contributes to the development and maintenance of the information
security strategy.
Evaluates and develops secure solutions, based on approved security
architectures.
Security Tooling
Administer, configure, and support security tools
Assist with adoption of new/existing security tools as needed
Create/support integrations of security tools into central
analytics system
Embrace a culture of continuous service improvement and service
excellence.
Essential Skills:
5+ years industry experience
Bachelor's degree in Computer Science, MIS, or equivalent
technology discipline
3+ years minimum software development required (Java, .NET)
Working knowledge of application development tools, techniques, and
platform technologies
Familiar with OWASP Secure Coding Practices
Familiar with Continuous Integration/Continuous Deployment (CI/CD)
processes and concepts
Familiar with REST API technology and methods
Ability to develop scripts in Python (or comparable language)
Experience in OOAD, agile processes, design patterns
Strong experience with logging and alerting platforms, including
SIEM integration.
Some experience with relational database platforms such as MSSQL,
MySQL, NoSQL databases.
Some proven ability in security process and organizational
design.
Current understanding of Industry trends and emerging threats.
Knowledge of incident response methodologies and technologies.
Desirable Skills:
Experience working in agile environment highly preferred
Well-rounded background in application security.
Experience implementing security controls in a global enterprise IT
environment.
Experience driving a culture of security awareness.
Professional IT Accreditations (CISSP, CISM, CCSA, CCSE, JNCIA,
CCNA, CCIE Security).
Experience in creating design documents, performing code
reviews
Desire to expand knowledge in many development languages,
applications, and tools
Proven ability to quickly learn new processes and tools, business
domains and technical applications
Ability to think technically and analytically
Ability to understand philosophy of architecture
Ability to assimilate information, distill knowledge, apply
experience, and provide solution alternatives and
recommendations
Must have strong time management skills - including ability to work
well under pressure, plan, set priorities, adapt to change, and
meet established timelines
Must be a self-starter and detail-oriented
Must have a "positive" and energetic demeanor
Effective written and verbal communication skills
Creative problem-solving skills
Experience with the following tools (Required):
Java or .NET
Web Services (SOAP/REST)
SQL
Angular
Requirements & analysis experience
OOAD design
Agile development
Design patterns
OWASP Top 10
Static code security testing (SAST) tool experience
Dynamic Application Security Tool (DAST or IAST) experience
Experience with the following tools (Preferred):
Splunk
New Relic
Cloud security
Compensation at Pearson is influenced by a wide array of factors
including but not limited to skill set, level of experience, and
specific office location. As required by the Colorado and New York
City laws, the pay range for this position is as follows:
Minimum full-time salary range is between $120,000 - $140,000.
This position is not bonus eligible, and information on benefits
offered is here.
#LI-POST
Learning is the most powerful force for change in the world. More
than 20,000 Pearson employees deliver our products and services in
nearly 200 countries, all working towards a common purpose - to
help everyone achieve their potential through learning. We do that
by providing high quality, digital content and learning
experiences, as well as assessments and qualifications that help
people build their skills and grow with the world around them. We
are the world's leading learning company. Learn more at
pearsonplc.com.
Pearson believes that wherever learning flourishes, so do people.
We are committed to being an anti-racist---company in everything we
do. We value the power of an inclusive culture and a strong sense
of belonging. We promote a culture where differences are embraced,
opportunities are accessible, consideration and respect are the
norm, and all individuals are supported in reaching their full
potential. Through our talent, we believe that diversity, equity,
and inclusion make us a more innovative and vibrant place to work.
People are at the center, and we are committed to a sustainable
environment and workplace where talent can learn, grow, and thrive.
---
To learn more about Pearson's commitment to a diverse and inclusive
workforce, please click here:---
http://www.pearson.com/careers/diversity-and-inclusion.html---
Pearson is an Affirmative Action and Equal Opportunity Employer and
a member of E-Verify. We are committed to building a team that
represents a variety of backgrounds, perspectives, and skills. The
more inclusive we are, the better our work will be. All employment
is decided based on qualifications, merit, and business need.---All
qualified applicants will receive consideration for employment
without regard to race, ethnicity, color, religion, sex, sexual
orientation, gender identity, gender expression, age, national
origin, protected veteran status, disability status, or any other
group protected by law.
Job: TECHNOLOGY
Organization: Assessment & Qualifications
Schedule: FULL_TIME
Req ID: 8623
#location
Keywords: Pearson, Des Moines , Application Security Engineer, Engineering , Des Moines, Iowa
|
Click
here to apply!
|
