First American Financial - Santa Ana, CA

posted about 2 months ago

Full-time - Mid Level
Remote - Santa Ana, CA
Insurance Carriers and Related Activities

About the position

The Security Engineer is responsible for providing operational security solutions that enable the success of IT and business initiatives. This role involves interfacing with various IT groups across the company, client managers, business customers, third-parties, vendors, and auditors. The Security Engineer collaborates with the Security Architect to co-design and operationalize security solutions that can be effectively delegated to Security Analysts or other support/operations functions. The scope of the Security Engineer's responsibilities extends across both technical and administrative controls that protect and ensure the availability of business and IT systems.

The Security Architect defines the organization's information security architecture and standards, creating a prioritized, risk-based technical security control roadmap. This role also coordinates technical design and review activities, developing secure architectural frameworks, operational guidelines, and metrics to support a secure computing environment consistent with the organization's information security policies and overall strategy.

In this position, you will work closely with stakeholders, explaining code issues and fixes to the development community. You will ensure that all projects adhere to the Software Development Life Cycle (SDLC) process, and that all code in the environment is scanned and remediated. You will manage code scanning tools and oversee their day-to-day operational management. Additionally, you will interface with development and security architecture teams on application security topics, such as vulnerability remediation, best practices, and threat modeling. You will also work with the vulnerability management team to ensure that identified vulnerabilities are reported and validated according to service level agreements (SLAs).

Developing Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Enterprise Application Security program will also be part of your responsibilities. Some manual testing activities may be required to validate vulnerability or penetration testing findings. Note that weekend and night work may be necessary based on project, support, and business needs.

Responsibilities

  • Work closely with developers to ensure all projects follow the SDLC process and that all code is scanned and remediated.
  • Manage code scanning tools and oversee their day-to-day operational management.
  • Interface with development and security architecture teams on application security topics such as vulnerability remediation and best practices.
  • Collaborate with the vulnerability management team to ensure vulnerabilities are reported and validated according to SLAs.
  • Develop KPIs and KRIs for the Enterprise Application Security program.
  • Conduct manual testing activities to validate vulnerability or penetration testing findings.
  • Communicate code issues and fixes to the development community.
  • Participate in weekend and night work as needed based on project and business requirements.

Requirements

  • Bachelor's degree in Information Security, Computer Science, or equivalent experience.
  • 5+ years of experience in Application Security.
  • Experience with AWS, Azure, or GCP cloud platforms.
  • Experience with APIs and DevSec practices.
  • Strong understanding of web application security principles.
  • Experience with security testing tools and methodologies.
  • Development background in one or more programming languages such as C#, C++, Java, Python, or .NET.
  • Experience performing manual code reviews.
  • Experience in developing and maturing CI/CD pipelines regarding code quality and vulnerability detection.
  • Expert knowledge of OWASP Top 10 or CWE and understanding of common software threats and mitigations.
  • Bug Bounty and/or penetration testing experience is a bonus.
  • Process and detail-oriented with the ability to create detailed process documentation.
  • Excellent analytical and critical thinking skills.
  • Strong interpersonal and communication skills, able to explain complex security issues to both technical and non-technical stakeholders.
  • Ability to work effectively in a fast-paced environment and manage multiple priorities.

Nice-to-haves

  • Bug Bounty and/or penetration testing experience.

Benefits

  • Medical insurance
  • Dental insurance
  • Vision insurance
  • 401k
  • PTO/paid sick leave
  • Employee stock purchase plan