This job is closed
We regret to inform you that the job you were interested in has been closed. Although this specific position is no longer available, we encourage you to continue exploring other opportunities on our job board.
Application Security Engineer
$107,700 - $141,300/Yr
MassMutual
posted about 2 months ago
Full-time - Mid Level
Insurance Carriers and Related Activities
About the position
The Application Security Engineer will be responsible for ensuring the security and integrity of software applications at MassMutual. This role involves collaborating with development teams and security architects to integrate security best practices throughout the software development lifecycle, conducting security assessments, and implementing robust security solutions to protect against vulnerabilities and threats.
Responsibilities
- Conduct in-depth security assessments, including vulnerability scanning and code reviews.
- Leverage automated tools and manual testing techniques to identify, risk assess, and prioritize vulnerabilities.
- Propose mitigation strategies for identified threats and application-level vulnerabilities.
- Collaborate with security architects to design secure application architectures that align with industry best practices.
- Ensure secure coding practices are followed and security controls are incorporated into software designs.
- Conduct detailed threat modeling to identify attack vectors and potential weaknesses.
- Collaborate with the SDLC Council to develop and maintain secure coding standards.
- Partner with DevOps teams to implement security within CI/CD pipelines for automated deployment of secure code.
- Assist in incident response activities related to application security breaches.
- Ensure compliance with security regulations, frameworks, and industry standards such as OWASP.
- Leverage reporting tools to demonstrate overall risk through metrics of vulnerabilities and code defects.
- Stay up to date with the latest security threats, vulnerabilities, and industry trends.
Requirements
- Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
- Minimum of 5+ years of experience in application security, penetration testing, or secure software development.
- Strong knowledge of secure software development methodologies, including threat modeling, code reviews, and static/dynamic analysis.
- Experience in integrating security into DevOps (DevSecOps) and CI/CD environments.
- Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), mobile security, infrastructure as code (IaC), container security, and API security.
- Familiarity with SAST, DAST, and IAST tools.
- Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations.
- Advanced understanding and experience with writing source code (e.g., JavaScript, Java, C/C++/C#, Python, etc.).
- Familiarity with software security frameworks (e.g., Maven, Node, Gradle, etc.).
- Experience with identifying security vulnerabilities/defects in dockers, containers, and Kubernetes.
- Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins, AWS Cloud Formation Templates, Secrets Managers).
- Knowledge of compliance and regulatory frameworks (SOC 2, etc.).
Nice-to-haves
- Relevant security certifications such as CEH, OSCP, or GWAPT from an industry recognized certifier.
Benefits
- Focused one-on-one meetings with your manager
- Access to mentorship opportunities
- Networking opportunities including access to various Business Resource Groups
- Access to learning content on Degreed and other informational platforms
- Strong and stable ethical business with industry leading pay and benefits
