First American Financial - Santa Ana, CA

posted about 2 months ago

Full-time - Mid Level
Santa Ana, CA
Insurance Carriers and Related Activities

About the position

The Security Engineer is responsible for providing operational security solutions that enable the success of IT and business initiatives. This role involves interfacing with various IT groups across the company, client managers, business customers, third parties, vendors, and auditors. The Security Engineer collaborates with the Security Architect to co-design and operationalize security solutions that can be effectively delegated to Security Analysts or other support/operations functions. The scope of the Security Engineer's responsibilities extends across both technical and administrative controls that protect and ensure the availability of business and IT systems. The Security Architect defines the organization's information security architecture and standards, creating a prioritized, risk-based technical security control roadmap. They coordinate technical design and review activities, developing secure architectural frameworks, operational guidelines, and metrics to support a secure computing environment consistent with the organization's information security policies and overall strategy.

Responsibilities

  • Work closely with stakeholders to explain code issues and fixes to the development community.
  • Ensure all projects follow the SDLC process and that all code in the environment is scanned and remediated.
  • Manage respective code scanning tools and oversee day-to-day operational management of these tools.
  • Interface with development and security architecture teams on application security topics such as vulnerability remediation and best practices.
  • Collaborate with the vulnerability management team to ensure vulnerabilities are reported and validated according to SLAs.
  • Develop KPIs and KRIs for the Enterprise Application Security program.
  • Conduct manual testing activities to validate vulnerability or penetration testing findings.
  • Be available for weekend and night work as needed based on project, support, and business needs.

Requirements

  • Bachelor's degree in Information Security, Computer Science, or equivalent experience.
  • 5+ years of experience in Application Security.
  • Experience with AWS, Azure, or GCP cloud platforms.
  • Experience with APIs and DevSec practices.
  • Strong understanding of web application security principles.
  • Experience with security testing tools and methodologies.
  • Development background in one or more programming languages such as C#, C++, Java, Python, or .NET.
  • Experience performing manual code reviews.
  • Experience in developing and maturing CI/CD pipelines regarding code quality and vulnerability detection.
  • Expert knowledge of OWASP Top 10 or CWE and understanding of common software threats and mitigations.
  • Bug Bounty and/or penetration testing experience is a bonus.
  • Must be process and detail-oriented with the ability to create detailed process documentation.
  • Excellent analytical and critical thinking skills.
  • Strong interpersonal and communication skills, capable of explaining complex security issues to both technical and non-technical stakeholders.
  • Ability to work effectively in a fast-paced environment and manage multiple priorities.

Nice-to-haves

  • Bug Bounty and/or penetration testing experience.

Benefits

  • Medical insurance
  • Dental insurance
  • Vision insurance
  • 401k
  • PTO/paid sick leave
  • Employee stock purchase plan