Application Security Engineer

$107,700 - $141,300/Yr

MassMutual - Boston, MA

posted 19 days ago

Full-time - Mid Level
Boston, MA
Insurance Carriers and Related Activities

About the position

The Application Security Engineer will be responsible for ensuring the security and integrity of software applications within the Software Security team. This role involves collaborating with development teams and security architects to integrate security best practices throughout the software development lifecycle, conducting security assessments, and implementing robust security solutions to protect against vulnerabilities and threats.

Responsibilities

  • Conduct in-depth security assessments, including vulnerability scanning and code reviews.
  • Leverage automated tools and manual testing techniques to identify, risk assess, and propose mitigation strategies for application-level vulnerabilities.
  • Collaborate with security architects to design secure application architectures that align with industry best practices.
  • Ensure secure coding practices are followed and security controls are incorporated into software designs.
  • Conduct detailed threat modeling to identify attack vectors and potential weaknesses.
  • Collaborate with the SDLC Council to develop and maintain secure coding standards.
  • Partner with DevOps teams to implement security within CI/CD pipelines for automated deployment of secure code.
  • Assist in incident response activities related to application security breaches.
  • Ensure compliance with security regulations, frameworks, and industry standards such as OWASP.
  • Leverage reporting tools to demonstrate overall risk through metrics of vulnerabilities and code defects.

Requirements

  • Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
  • Minimum of 5+ years of experience in application security, penetration testing, or secure software development.

Nice-to-haves

  • Relevant security certifications such as CEH, OSCP, or GWAPT.
  • Strong knowledge of secure software development methodologies, including threat modeling and code reviews.
  • Experience in integrating security into DevOps (DevSecOps) and CI/CD environments.
  • Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), and mobile security.
  • Familiarity with SAST, DAST, and IAST tools.
  • Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations.

Benefits

  • Focused one-on-one meetings with your manager
  • Access to mentorship opportunities
  • Networking opportunities including access to various Business Resource Groups
  • Access to learning content on Degreed and other informational platforms
  • Competitive salaries and incentive opportunities
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service