Senior Application Security Engineer
Business Wire is renowned for its excellent and unique benefits package. In the US, we offer standard benefits such as health insurance, 401k matching and paid time off. We also offer unique benefits including reimbursement plans for fitness, dental, vision and education classes. Outside the US, benefits are offered according to local regulations and custom, and may vary by country.
Most importantly, we value those employees who make their career at Business Wire; we are very proud of the fact that our length of employment far exceeds the standard. Longtime employees are well rewarded - financially, professionally, and uniquely.
Job Title: Senior Application Security Engineer
Are you looking for the opportunity to make a difference in a dynamic organization that is team focused and mission driven? Then come join us in the heart of the San Francisco Financial District, just half a block from the Embarcadero BART/MUNI Metro station.
Must have a passion for security, the drive to solve challenges, and an overdeveloped need to protect your applications. As an integral member of the Information Security team, the Senior Application Security Engineer will be responsible for implementing, monitoring, and driving compliance for various application security related processes. This position will be the technical lead for compliance with policies and industry standards including but not limited to OWASP, AICPA SOC 2, and internal and external application security audit requirements. The Senior Application Security Engineer will also participate in security assessments, incident response, remediation and operational support activities.
If you have these skills and the drive to excel, then please apply now!
Duties and Responsibilities
- Design, implement, and administer security infrastructure as it pertains to application security technologies including but not limited to Web Application Firewalls & Web Application Scanning
- Work with development teams to perform application security reviews, threat modeling, vulnerability analysis, penetration testing, code reviews, and SDLC support
- Provide application security analysis, including but not limited to, automated and manual runtime assessments, automated and manual static code review, secure SDLC review and database security assessments
- Regularly interface with various organizational stakeholders (e.g., Network Operations team, Systems Administration team, Software Development teams, Middleware & Database teams, etc.) and contribute toward organizational achievement of IT and business objectives
- Work closely with developers and corporate security teams to identify and remediate security issues
- Serve as on-call security resource to troubleshoot operational break-fix issues as needed
- Serve as on-call security incident response resource and interface with Security Event and Incident Management system to track, monitor, and respond to security-related events as needed
- Author architectural documentation and change requests in accordance with organizational policies and Technology Change Management Procedures
- Provide performance, compliance, security violation and other reports (number of probes/penetration attempt metrics, web access reports, etc.) for security components (if/when requested)
- Perform security audits of IT components using automated tools (e.g. vulnerability scanners) to identify and document risks associated with deviations from defined standards and baselines
- Perform network traces (packet captures), query/mine logging infrastructure to investigate and/or troubleshoot performance issues, security incidents, etc.
- Demonstrate reliability through good attendance and punctuality
- Work as a team member performing any and all functions necessary for the successful operation of the company as determined by Management.
- Provide leadership to Information Security Team as a senior member of the staff.
Qualifications
- Bachelor's degree in Computer Science, Engineering or equivalent
- Minimum of 5 years’ experience as an Information Security professional
- One or more information security certifications
- Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
- Strong understanding of web-related technologies (web applications, web services and SOA) and of network protocols
- Excellent communication skills and ability to work effectively with a variety of people
- Ability to work on multiple projects concurrently
- Professional appearance and demeanor
To apply, please send a resume and cover letter to:
Via E-mail: firstname.lastname@example.org
Please Note: Acceptance of a job offer is contingent upon submitting proof of education noted on the job application.
Background checks will not be conducted until after a job offer has been made, and all qualified applicants will be considered for employment, regardless of criminal history.
All qualified applicants will receive consideration for employment without regard to race, religion, ancestry, national origin, sexual orientation, age, disability, marital status, domestic partner status, or medical condition.
No phone calls.