MassMutual - Springfield, MO

posted 13 days ago

Full-time - Mid Level
Springfield, MO
Insurance Carriers and Related Activities

About the position

The Application Security Engineer will be responsible for ensuring the security and integrity of software applications within the Software Security team. This role involves collaborating with development teams and security architects to integrate security best practices throughout the software development lifecycle, conducting security assessments, and implementing robust security solutions to protect against emerging threats.

Responsibilities

  • Conduct in-depth security assessments, including vulnerability scanning and code reviews.
  • Leverage automated tools and manual testing techniques to identify, risk-assess, and prioritize application-level vulnerabilities.
  • Collaborate with security architects to design secure application architectures that align with industry best practices.
  • Ensure secure coding practices are followed and security controls are incorporated into software designs.
  • Conduct detailed threat modeling to identify attack vectors and potential weaknesses.
  • Develop and maintain secure coding standards in collaboration with the SDLC Council.
  • Partner with DevOps teams to implement security within CI/CD pipelines for automated deployment of secure code.
  • Assist in incident response activities related to application security breaches.
  • Ensure compliance with security regulations, frameworks, and industry standards such as OWASP.
  • Leverage reporting tools to demonstrate overall risk through metrics of vulnerabilities and code defects.

Requirements

  • Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
  • 5+ years of experience in application security, penetration testing, or secure software development.
  • Strong knowledge of secure software development methodologies, including threat modeling and code reviews.
  • Experience in integrating security into DevOps (DevSecOps) and CI/CD environments.
  • Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), and mobile security.
  • Familiarity with SAST, DAST, and IAST tools.
  • Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations.
  • Advanced understanding and experience with writing source code (e.g., JavaScript, Java, C/C++/C#, Python).
  • Experience with identifying security vulnerabilities in containers and Kubernetes.

Nice-to-haves

  • Relevant security certifications such as CEH, OSCP, or GWAPT from recognized certifiers.
  • Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins).
  • Knowledge of compliance and regulatory frameworks (SOC 2, etc.).

Benefits

  • Focus on one-on-one meetings with your manager.
  • Access to mentorship opportunities.
  • Networking opportunities with various Business Resource Groups.
  • Access to learning content on Degreed and other informational platforms.