Application Security Engineer

$107,700 - $141,300/Yr

MassMutual - New York, NY

posted 14 days ago

Full-time
New York, NY
Insurance Carriers and Related Activities

About the position

The Application Security Engineer will be a key member of the Software Security team at MassMutual, responsible for ensuring the security and integrity of software applications. This role involves collaborating with development teams and security architects to integrate security best practices throughout the software development lifecycle, conducting security assessments, and implementing robust security solutions to protect against emerging threats.

Responsibilities

  • Conduct in-depth security assessments, including vulnerability scanning and code reviews.
  • Leverage automated tools and manual testing techniques to identify, risk assess, and prioritize application-level vulnerabilities.
  • Collaborate with security architects to design secure application architectures that align with industry best practices.
  • Ensure secure coding practices are followed and security controls are incorporated into software designs.
  • Conduct detailed threat modeling to identify attack vectors and potential weaknesses.
  • Partner with DevOps teams to implement security within CI/CD pipelines for automated deployment of secure code.
  • Assist in incident response activities related to application security breaches.
  • Ensure compliance with security regulations, frameworks, and industry standards such as OWASP.
  • Leverage reporting tools to demonstrate overall risk through metrics of vulnerabilities and code defects.
  • Stay up to date with the latest security threats, vulnerabilities, and industry trends.

Requirements

  • Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
  • 5+ years of experience in application security, penetration testing, or secure software development.
  • Strong knowledge of secure software development methodologies, including threat modeling, code reviews, and static/dynamic analysis.
  • Experience in integrating security into DevOps (DevSecOps) and CI/CD environments.
  • Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), mobile security, and API security.
  • Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations.
  • Advanced understanding and experience with writing source code (e.g., JavaScript, Java, C/C++/C#, Python).

Nice-to-haves

  • Relevant security certifications such as CEH, OSCP, or GWAPT from recognized certifiers.
  • Familiarity with SAST, DAST, and IAST tools.
  • Experience identifying security vulnerabilities in Docker, containers, and Kubernetes.
  • Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins).
  • Knowledge of compliance and regulatory frameworks (SOC 2, etc.).

Benefits

  • Focused one-on-one meetings with your manager
  • Access to mentorship opportunities
  • Networking opportunities including access to various Business Resource Groups
  • Access to learning content on Degreed and other informational platforms
  • Strong ethical business practices with industry-leading pay and benefits