First American Financial - Santa Ana, CA
posted about 2 months ago
The Security Engineer is responsible for providing operational security solutions that enable the success of IT and business initiatives. This role involves interfacing with various IT groups across the company, client managers, business customers, third parties, vendors, and auditors. The Security Engineer collaborates with the Security Architect to co-design and operationalize security solutions that can be effectively delegated to Security Analysts or other support/operations functions. The scope of the Security Engineer's responsibilities extends across both technical and administrative controls that protect and ensure the availability of business and IT systems.
The Security Architect defines the organization's information security architecture and standards, creating a prioritized, risk-based technical security control roadmap. This role also coordinates technical design and review activities, developing secure architectural frameworks, operational guidelines, and metrics to support a secure computing environment consistent with the organization's information security policies and overall strategy.
In this position, you will work closely with stakeholders, explaining code issues and fixes to the development community. You will ensure that all projects adhere to the Software Development Life Cycle (SDLC) process, and that all code in the environment is scanned and remediated. You will manage code scanning tools and oversee their day-to-day operational management. Additionally, you will interface with development and security architecture teams on application security topics, such as vulnerability remediation, best practices, and threat modeling. You will also work with the vulnerability management team to ensure that identified vulnerabilities are reported and validated according to service level agreements (SLAs).
Developing Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Enterprise Application Security program will also be part of your responsibilities. Some manual testing activities may be required to validate vulnerability or penetration testing findings. Note that weekend and night work may be necessary based on project, support, and business needs.