First American Financial - Santa Ana, CA

posted about 2 months ago

Full-time - Mid Level
Remote - Santa Ana, CA
11-50 employees
Insurance Carriers and Related Activities

About the position

The Application Security Engineer at First American Financial Corporation plays a crucial role in providing operational security solutions that support IT and business initiatives. This position requires collaboration with various stakeholders, including IT groups, client managers, business customers, third-party vendors, and auditors. The Security Engineer will work closely with the Security Architect to co-design and operationalize security solutions that can be delegated to Security Analysts or other support functions. The role encompasses both technical and administrative controls to ensure the protection and availability of business and IT systems.

The Security Architect is responsible for defining the organization's information security architecture and standards, creating prioritized risk assessments based on a technical security control roadmap, and coordinating technical design and review activities. This position is essential for developing secure architectural frameworks, operational guidelines, and metrics that align with the organization's information security policies and overall strategy.

In this role, the Application Security Engineer will be expected to have a strong ability to communicate with stakeholders, explaining code issues and fixes to the development community. Daily collaboration with developers is necessary to ensure that all projects adhere to the Software Development Life Cycle (SDLC) process, and that all code in the environment is scanned and remediated appropriately. The engineer will manage code scanning tools and oversee their day-to-day operational management. Additionally, the role involves interfacing with development and security architecture teams on application security topics, such as vulnerability remediation and threat modeling, as well as working with the vulnerability management team to ensure that identified vulnerabilities are reported and validated according to service level agreements (SLAs).

The Application Security Engineer will also be responsible for developing Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Enterprise Application Security program and for conducting manual testing activities to validate vulnerability or penetration testing findings. The position may require weekend and night work based on project and business needs.

Responsibilities

  • Work closely with developers to ensure adherence to the SDLC process and code scanning and remediation.
  • Manage code scanning tools and oversee their operational management.
  • Interface with development and security architecture teams on application security topics.
  • Collaborate with the vulnerability management team to report and validate identified vulnerabilities according to SLAs.
  • Develop KPIs and KRIs for the Enterprise Application Security program.
  • Conduct manual testing activities to validate vulnerability or penetration testing findings.
  • Communicate code issues and fixes to the development community.

Requirements

  • Bachelor's degree in Information Security, Computer Science, or equivalent experience.
  • 5+ years of experience in Application Security.
  • Experience with AWS, Azure, or Google Cloud Platform.
  • Experience with APIs and DevSec practices.
  • Strong understanding of web application security principles.
  • Experience with security testing tools and methodologies.
  • Development background in programming languages such as C#, C++, Java, Python, or .NET.
  • Experience performing manual code reviews.
  • Experience in developing and maturing CI/CD pipelines regarding code quality and vulnerability detection.
  • Expert knowledge of OWASP Top 10 or CWE and understanding of common software threats and mitigations.
  • Bug Bounty and/or penetration testing experience is a bonus.
  • Process and detail-oriented with the ability to create detailed process documentation.
  • Excellent analytical and critical thinking skills.
  • Strong interpersonal and communication skills.

Nice-to-haves

  • Experience with Bug Bounty programs.
  • Penetration testing experience.

Benefits

  • Medical insurance
  • Dental insurance
  • Vision insurance
  • 401k plan
  • Paid time off (PTO)
  • Paid sick leave
  • Employee stock purchase plan