Application Security Engineer

MassMutual - Hartford, WI

posted 5 days ago

Full-time - Mid Level
Hartford, WI
Insurance Carriers and Related Activities

About the position

The Application Security Engineer will be a key member of the Software Security team at MassMutual, responsible for ensuring the security and integrity of software applications. This role involves collaborating with development teams and security architects to integrate security best practices throughout the software development lifecycle, conducting security assessments, and implementing robust security solutions to protect against emerging threats.

Responsibilities

  • Conduct in-depth security assessments, including vulnerability scanning and code reviews.
  • Leverage automated tools and manual testing techniques to identify, risk assess, and prioritize application-level vulnerabilities.
  • Collaborate with security architects to design secure application architectures that align with industry best practices.
  • Ensure secure coding practices are followed and security controls are incorporated into software designs.
  • Conduct detailed threat modeling to identify attack vectors and potential weaknesses.
  • Collaborate with the SDLC Council to develop and maintain secure coding standards.
  • Partner with DevOps teams to implement security within CI/CD pipelines for automated deployment of secure code.
  • Assist in incident response activities related to application security breaches.
  • Ensure compliance with security regulations, frameworks, and industry standards such as OWASP.
  • Leverage reporting tools to demonstrate overall risk through metrics of vulnerabilities and code defects.
  • Stay up to date with the latest security threats, vulnerabilities, and industry trends.

Requirements

  • Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
  • Minimum of 5+ years of experience in application security, penetration testing, or secure software development.

Nice-to-haves

  • Relevant security certifications such as CEH, OSCP, or GWAPT from recognized certifiers.
  • Strong knowledge of secure software development methodologies, including threat modeling and code reviews.
  • Experience in integrating security into DevOps (DevSecOps) and CI/CD environments.
  • Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), and mobile security.
  • Familiarity with SAST, DAST, and IAST tools.
  • Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations.
  • Experience with identifying security vulnerabilities in dockers, containers, and Kubernetes.
  • Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins).
  • Knowledge of compliance and regulatory frameworks (SOC 2, etc.).

Benefits

  • Focused one-on-one meetings with your manager
  • Access to mentorship opportunities
  • Networking opportunities including access to various Business Resource Groups
  • Access to learning content on Degreed and other informational platforms
  • Strong ethical business with industry-leading pay and benefits

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service