Bertelsmannposted 8 days ago
$100,000 - $135,000/Yr
Full-time - Mid Level
Remote - New York, NY
Broadcasting and Content Providers
About the position
Penguin Random House is seeking an Application Security Engineer to join the IT Security team. This position will be responsible for advancing Secure Software Development Life Cycle (SDLC) practices and incorporating Application Security services and technologies to achieve a security-first design in all of Penguin Random House's applications. In addition, the individual will be expected to contribute to and help deliver services and projects across various aspects of information security. The individual will collaborate with developers and business stakeholders from relevant technical teams to evaluate the security architecture of new products and features through application security assessments. They will prioritize and provide guidance on mitigating identified weaknesses and vulnerabilities while working with development teams to define and promote security best practices.
Responsibilities
- Develop and refine our core infrastructure architecture to minimize the vulnerability of essential services and reduce the impact of potential security exploits.
- Strategize and implement application security architectures that are in line with the company's business objectives, ensuring adherence to privacy standards and compliance requirements.
- Utilize scripting languages (Python, Ruby, Bash, etc.) to build automation tools as needed.
- Create and deliver presentations and documentation to educate developers and operations teams on application security best practices and secure coding techniques.
- Identify and assess threats, vulnerabilities and potential exploits through architecture design reviews, threat modeling, code reviews, SCA/SAST/DAST assessments and collaborate with developers/engineers to remediate issues.
- Formulate and establish application security policies, standards and guidelines to support the secure development of products and services.
- Collaborate with the DevOps team to enhance Application Security, integrating security tools into the CI/CD pipeline, including container security, SCA/SAST, DAST, IAST, and third-party vulnerability Scanning.
- Partner with security stakeholders across the organization to assist delivery teams in conceptualizing and implementing security-focused projects and initiatives.
Requirements
- Experience in at least one of the following areas: securing workflows in AWS and Azure, proficiency in SecDevOps and automation, familiarity with secure coding practices, or a background in application development with a desire to move into application security.
- Bachelor's degree in computer science or a related field, supplemented by a minimum of five years of professional experience encompassing a robust technical understanding and practical involvement in secure software development, security engineering, DevOps, application penetration testing, and/or negative QA testing.
- Proficient in effective communication, interpersonal relations, and organizational management.
- Experience with application security tools such as SCA, SAST, DAST, Penetration testing, and Fuzzing.
- Comprehensive knowledge of prevalent software and web application security vulnerabilities, including OWASP Top 10 and SANS/CWE Top 25.
- Expertise in conducting security assessments for web and mobile applications based on OWASP ASVS/M-ASVS and other testing guidelines.
- DevOps experience with building and deploying applications/infrastructure with the following technologies: GitLab/GitHub, Ansible, Jenkins, etc.
- Advanced understanding and experience with web architectures, web applications, APIs, mobile applications, desktop applications, Unified Communications (including VoIP and SMS), and the underlying technology of cloud infrastructure.
- Experience securing DevOps, including continuous integration, configuration management, and continuous deployment.
- Demonstrated ability in leading code reviews, executing threat modeling, and conducting penetration tests.
- Industry-recognized certification in security is a plus (e.g., CISSP, CISA, CISM, CRISC, CEH, etc.)
Benefits
- Medical/Prescription drug insurance
- Dental
- Vision
- Health Care/Dependent Care Flexible Spending Account
- Health Savings Account
- Pre-Tax and Roth 401(k)
- Short and Long-Term Disability Insurance
- Life/AD&D Insurance
- Commuter Benefits
- Student Loan Repayment Program
- Educational Assistance
- Generous paid time off
Hard Skills
Ansible
1
Bash
1
Github
1
Gitlab
1
Jenkins
1
1cxbrQkDtIC 78lTehIJfmv
0
47hEaDS J3bMIxr
0
4Cp7I
0
6oF2qztLI DJthLoUapKwn
0
7HghZGs A63FtoL BIgE1 1HKszja3kF
0
8yRvxWe QNGcdbwHE
0
EyHjI 6iAZKbFg
0
HyCI dpqrRAWXsVNH JBhYkiOAI
0
Ko8EYRM2dAcDOB aQeFHID9c
0
N7t 97LVSOYp8QNlX fVybYK1
0
NkQTq2IitzF qo7CGNOaTKkFU
0
O6GYVxpMhdJ5lv8 UnSfik6JmV4hy
0
OKeGrn ON4R5uGsKIx
0
OhlbEt9es xP7zu6wXv5d
0
PkNTcB2
0
PzS6ebXRt mXtwKb9npgo5lqO
0
Qio9vlMUk KGoMuv7D
0
SO6 zhOHgbxcr 9Puk2egZIEtXR
0
T9FNfYZSnv7 9JcAoVGQpfKr
0
VZugJ0nsl6to nplQrEJN
0
VgJy6r9oKC51Ox dWojvi5tfHhJFqU
0
YCidujsho uO05Ei
0
YZCDJ e3jEnZA
0
aT3 vXVMSi267 5oT4jua23GhOv
0
bLwXFfRy cdv4RD6Xq270
0
dh2RsGi6qVC8 nRkWovsSP
0
dq0p5vc U7bWSwGprVa
0
f8zrVU ORf3haJWNqYZS8g
0
fsOgvezDc JmXsRaFOc
0
iHAF3oh98jLv xBZLuK1rU
0
l3cVfAPgSodZQ8 bBmuIvpSGDa
0
oHCNatD2T jTL9sN
0
rBYt7uOT Fyfibak8x9WpcrV
0
umOAQKbhE1C7 bMnglhc5E
0
vqPBgL
0
xrntsC7faW 6KzRvdxBJ
0
yRHcZNMLT 0MGobIOKy
0
z3yBWxwYXofr yTqSszDrcIG0
0
z4MEOnqbPUFW d58JOLqM
0
zCMTY4X3o Zfqb4pLtN
0
A Smarter and Faster Way to Build Your Resume