Application Security Engineer

Pearsonposted about 1 month ago
Full-time
Durham, NC
Publishing Industries

Add to tracker

Apply

About the position

Pearson is a Global organization that does business in nearly every country; the majority of our systems are cloud based, using modern infrastructure and development practices. Pearson services a number of federal and highly sensitive workloads, ensuring security is routinely prioritized. While we have a global reach, impacting the lives and work of many, we are a close-knit and passionate team of engineers with expertise ranging across the board in the realm of Cybersecurity. Here, you will always be a stone's throw away from exciting projects with many opportunities for growth and developing knowledge in cutting-edge technologies. As an Application Security Engineer, you will be responsible for ensuring the holistic security of various applications and services used throughout the organization. You will be working with various application teams throughout the organization to ensure security best practices are adopted and implanted throughout the SDLC. You will work to identify, track, and advise the application teams to remediate vulnerabilities and the associated risks. Vulnerabilities may come from various tools and testing done by yourself or other internal or third-party penetration testers.

Responsibilities

  • Engagement with internal and external partner teams
  • Collaborate with product and platform teams on security controls
  • Plan, implement, upgrade, and monitor security measures related to application security
  • Collaborate with functional area architects, engineers, and security specialists across Pearson to implement suitable security solutions and controls
  • Provide security expertise and assist project teams in adhering to enterprise and IT security policies, industry regulations, and best practices
  • Evaluate Pearson's current security and future architecture, offering solutions to address any gaps
  • Assess and understand the current and planned security posture for platforms, provide recommendations for improvements and risk reduction
  • Develop security configuration standards, procedures, and guidelines for various platforms, including baseline security configurations and hardening guides
  • Communicate security risks and solutions to business partners and IT staff
  • Coach developers on application security
  • Implement industry-leading security engineering practices across the organization
  • Escalate and document risks when observed
  • Perform threat modeling
  • Perform thorough security reviews of software applications
  • Identify and propose process improvements and identify opportunities for new processes and procedures to reduce risk
  • Assist with configuring Web Application Firewalls (WAF)
  • Assist with the tuning of Runtime Application Self Protection (RASP) tools
  • Assist in security incident response efforts as necessary
  • Aid teams in implementing appropriate logging practices
  • Collaborate with security operations teams to develop detection capabilities
  • Conduct research, design, and advocate for new technologies and security products that fulfill the security requirements of the enterprise
  • Contribute to the development and maintenance of the information security strategy
  • Administer, configure, and support security tools
  • Assist with adoption of new/existing security tools as needed
  • Create/support integrations of security tools into central analytics system
  • Embrace a culture of continuous service improvement and service excellence
  • Stay up to date on security industry trends

Requirements

  • Bachelor's degree in Computer Science, MIS, or equivalent technology discipline
  • Working knowledge of application development tools, techniques, and platform technologies
  • Familiar with Continuous Integration/Continuous Deployment (CI/CD) processes and concepts
  • Familiar with REST API technology and methods
  • Ability to develop scripts in Python (or comparable language)
  • Experience in OOAD, agile processes, design patterns
  • Threat modeling experience
  • Proficient in OWASP top 10 Vulnerabilities, Secure Coding Practices and Security Controls
  • Familiarity with SCA (Software Composition Analysis) techniques and working with application teams to remediate such vulnerabilities
  • Managing technical security debt

Nice-to-haves

  • 3+ years minimum software development required (Java or .NET), application security experience, or pen testing
  • Experience working in an agile environment
  • Experience with automation
  • Familiarity with government attestations, including FedRAMP and StateRAMP
  • Experience with relational database platforms such as MSSQL, MySQL, and NoSQL databases
  • Understanding of incident response methods and technologies
  • Implemented security controls in a global enterprise IT environment
  • Drive a culture of security awareness
  • Experience in creating design documents, performing code reviews
  • Desire to expand knowledge in many development languages, applications, and tools
  • Proven ability to quickly learn new processes and tools, business domains and technical applications
  • Ability to think technically and analytically
  • Ability to assimilate information, distill knowledge, apply experience and provide solution alternatives and recommendations
  • Must be a self-starter and detail-oriented
  • Must have a 'positive' and energetic demeanor
  • Effective written and verbal communication skills
  • Creative problem-solving skills
  • Experience in containerized and serverless environments

Add to tracker

Apply

Hard Skills
Application Firewall
1
Java
1
NoSQL
1
Python
1
Security Engineering
1
0LPZyoHEI 8egCBhmJq
0
4im5L Ob27qLSHd NVuPjFZCgEQc
0
6ovs2Yc Z8mJjHOGiXvw hVOIuHWDP9KA
0
AV8Xrwc2p3lm chOpCY47E
0
AZSohVj XrWlVmEuy
0
DZmVsaAQWy 40Zq61jnliK
0
FjMhszQVIJ9 sQN3Bht4V
0
J4sM0ynhg iatedzoFLy
0
JIEKc18Z3 uJE47KZSO
0
LaHuYKDleI ZAdBEm14U
0
LgwbnSycK iYz3eh0obmX
0
OznUKuCi 6gWFrkT
0
RLxfA27TZVWO 7n3uvSO0ZRBw
0
S8EqTbmR5PGoAJW JpURYoesc
0
VaOvdX2x7 oCKUGiWRDv9
0
ZxVuYdWTp DxCWua7w
0
altZ6CPc ZtUENsKPv5pa
0
bsuGYIlE5 psgINqazc
0
c8CV3 Rq4O9daml8
0
cOX3oLWMEVs1 9vMChDit2 VcWM8Oq
0
eTksrWNKmfS mJ2bRC6v9IV
0
ew8SAIY mFfr2PcXR
0
fk3JvqW8DAO 8iQHcEqBC
0
gMlSHz9 lQTCson1NBFxgf JNsoLug
0
jeLiMuZQV uV0WgP8cy
0
k7JbBGT6rhXD 7SCcgsvnP
0
lqfFA9
0
m5RvaBtf02LG yhcr0IzBl
0
rV0cfmNvy8 RPYOdEhA3zTluBW2
0
sxTXB q8N120y
0
ue8BX4CYh yz0sTD62J
0
wL53ob2U sgy82wODz
0
xSyMVtzjJ 3VZaYxSTs
0
xqA EFWZsYihU
0
ydFwh3j FCGniDK
0
zhx1wSFt rDLQZdBWU 4g1mld9b27qF
0
Soft Skills
08Q5mI4SF PdNCgTU6M
0
XUq9N1cfY qUAWEOf
0
eraKwm86 gN12i3cE
0
vqYe1UA PEsRuZbDq
0
Unlock 40 more keywords by signing up for Teal+
Sign Up
Build your resume with AI

A Smarter and Faster Way to Build Your Resume

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service