Senior Software Developer (Senior Application Security Engineer) - ( 2109113 )
At Pearson, we're committed to a world that's always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always re-examining the way people learn best, whether it's one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology - and each other to surpass these boundaries - we create seeds of learning that become the catalyst for the world's innovations, personal and global, large and small.
This position reports to the Director of Information Security and Technology Implementation, who leads the School Assessments Information Security Office (AISO). As a Senior Application Security Engineer at Pearson, you will consult with Development teams during their design stages to ensure security requirements are embedded in the product. Additionally, you will drive security components of application development to ensure that security, privacy and compliance requirements are addressed throughout the Software Development Lifecycle (SDLC). Your security "toolbelt" will include leading vulnerability management software in the areas of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Manual Application Penetration Testing (MAPT). You will also conduct security assessments of enterprise platforms and work with the various teams to address known vulnerabilities.
In this position you will:
+ Consult with Product Development, Site Reliability Engineering, and various business teams on security requirements during design, implementation, and management stages
+ Lead the application vulnerability management program respo
+ Coach, educate, train, and mentor product developers on security best practices
+ Develop and socialize secure coding guidelines and best practices.
+ Capture vulnerability and remediation data to provide dashboard and metrics to senior management
+ Correctly balance security risk and product advancement
+ Perform penetration testing against internally and externally facing web applications
+ Perform threat modeling for existing applications
+ Perform proactive research to detect new attack vectors
+ Perform reactive incident response when a security event occurs
+ Work with technical SMEs across the Assessments Technology Engineering (ATE) organization to architect and create secure-coding frameworks that prevent current and future attack scenarios
Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.
+ Bachelor's or Master's degree in Computer Science, Information Security, or related major.
+ Strong Software Development background using multiple development tools, techniques, and platform technologies
+ Proven work experience as an application security engineer
+ Knowledge of cybersecurity topics including: secure web app design, cryptography and key material handling, authentication mechanisms such as OAuth, SAML or OpenID, sensitive data protection, SDLC integration (fuzzing tests, static and dynamic code analysis)
+ Technical knowledge of database and operating system security
+ Experienced in the use of Source Code scanners (Veracode, Whitehat, Checkmarx, SonarQube, Blackduck, etc.) and the ability to manually validate findings/eliminate false positives
+ Familiarity with the use of various manual and dynamic application vulnerability testing suites (Netsparker, AppScan, WebInspect, Acunetix, Burp, etc.)
+ Ability to detect, define, exploit, and remediate OWASP Top 10 vulnerabilities without the use of a vulnerability scanner (a browser, a proxy, an editor, and YOU)
+ Preference will be given to candidates holding AWS Solutions Architect - Associate certification. Other cloud-based certifications will also be considered.
+ Intermediate skill level and experience working with industry standard cybersecurity frameworks, such as NIST CSF, ISO 27001, CIS Benchmarks, HITRUST, etc.
+ Preference will be given to candidates who hold professional certifications in one or more of: CISSP, CSSLP, CEH, GCFE, or CFCE
The anticipated starting salary range for Colorado-based individuals expressing interest in this position is $125,000.00-$140,000.00. This position is eligible to participate in an annual incentive program.
Benefits available to eligible employees can be seen at: https://pearsonbenefitsus.com/
**Primary Location** : US-RE-Remote
**Work Locations** :
**Job** : Technology
**Organization** : Assessments School
**Employee Status** : Regular Employee
**Job Type** : Standard
**Job Level** : Individual Contributor
**Shift** : Day Job
**Job Posting** : Jun 23, 2021
**Job Unposting** : Ongoing
**Schedule** : Full-time Regular
**Req ID:** 2109113