Application Security Engineer

Atlanta, GA

Applications have closed
The Application Security Engineer is responsible for ensuring that applications developed and/or maintained by AmeriSave Mortgage Corporation are designed and implemented with high security standards to protect the company's information systems and information assets. This role will be responsible for analyzing the security of the company’s applications and vendor-provided solutions, discovering and addressing security issues across the software development lifecycle, building security automation, and providing penetration testing support.
Candidate must have excellent communications and time management skills and be effective at influencing individuals outside of their reporting structure. This Application Security Engineer role reports directly to the AVP of Vulnerability Management and will work collectively with the other members of the team to improve the overall capabilities of identifying and remediating weaknesses in AmeriSave’s environment by continuously improving the Vulnerability Management program.
At AmeriSave, we're one team with one shared dream - to be the best. We’re dedicated to building an inclusive culture where employees are empowered and supported to do their best work - whether from home or in the office. 
Why AmeriSave? What you'll find at AmeriSave is that we don’t just set you up for success, we set you up to WIN. Team members are provided with cutting edge origination software, CRM, marketing automation, data reporting / analytic software, and leading mortgage application technologies to help make more deals happen. Our culture at AmeriSave is casual and fun, and we offer competitive compensation and benefits.
AmeriSave is the company you’ve been waiting to work for! 

Essential Functions:

  • Assist in establishing, maintaining, and communicating a clear and comprehensive Application Security program aligned to industry standard framework(s); serve as a subject matter expert in this area
  • Implement, define, and improve AmeriSave policies, standards, and procedures for Application Security, including: static and dynamic scanning, vulnerability reporting, secure coding practices, and secure code testing
  • Perform security architecture and design reviews of AmeriSave systems and applications
  • Perform validation of security controls to ensure consistency with company compliance and industry standard methodologies.
  • Work with application development teams to ensure they are utilizing secure coding standards and code testing capabilities, reducing risk prior to code transitioning to the production environment
  • Identify application vulnerabilities and provide proper consultation for remediation
  • Provide system administration support for vulnerability scanning and application testing technologies
  • Assist in the execution of penetration testing activities across the enterprise
  • Keep abreast of relevant trends and threats, and translate these for AmeriSave based on relevant threats and vulnerabilities
  • Develop training programs for awareness within the organization and specialist training for targeted groups to stay up-to-date with new developments and requirements related to secure coding practices
  • Establish and drive metrics, analytics, reporting mechanisms and services, maturity models, and a roadmap for continual program improvements.
  • Facilitate compliance with the AmeriSave policies and external regulations

Other Duties:

  • Prepare formal reports and presentations of findings and recommendations
  • Capable of developing custom reporting scripts using standard data querying languages and tools
  • Security knowledge across various security domains and technologies (e.g., databases, operating systems, networking, applications)
  • Knowledge of microservices and architectures
  • Other duties, as assigned

Core Competencies:

  • Ability to understand the entire AmeriSave IT landscape, identify application security vulnerabilities, and connect to system and process owners via standardized processes to remediate identified vulnerabilities within the Secure Development Lifecycle (SDLC).
  • Ability to understand and convey in detail the common application security attack vectors (e.g. OWASP Top 10) to both application developers and leadership
  • Experience performing security testing activities, including dynamic and static code analysis resources, penetration testing, and vulnerability assessments
  • Security knowledge across various security domains and technologies (e.g., databases, operating systems, networking, applications, access controls, and identity management)
  • Architectural understanding of cloud platforms (Azure, AWS, etc.) and how misconfigurations and/or vulnerabilities within those environments are exploited
  • Maintain up-to-date understanding of technology trends and developments in the areas of information technology and security
  • Ability to understand business processes and needs, gain buy-in and influence change
  • Ability to drive execution of defined goals through effective interaction with IT services teams
  • Ability to frame security and IT vulnerability-related concepts to both technical and non-technical audiences
  • Highly developed analytical, structured problem-solving skills; analytical and inquisitive mindset

Minimum Requirements:

  • Bachelor's degree is preferred; degree in computer science, information systems, information security/assurance, business administration, or another related field preferred
  • 3+ years’ experience working with application security solutions (e.g. Veracode, Checkmarx, Rapid7)
  • 3+ years’ hands-on experience performing penetration testing, secure code review, and static and dynamic source code review.
  • Required familiarity with industry standard Application Security methodologies and frameworks
  • Experience testing applications that leverage various code repositories including GitHub
  • Prefer knowledge of Cloud security and network security
  • Preferred experience in the fields of mortgage, banking, insurance, financial services, technology or similar
  • Experience working with parties across all areas of the organization at multiple levels
  • Strong analytical and technical skills
  • Excellent at multitasking, and open to constant learning

California Consumer Privacy Act Disclosure Acknowledgment

Employment Applicants, New Hires, and Employees Residing in California
AmeriSave Mortgage Corporation’s California Consumer Privacy Act Policy Statement (“Policy”) can be reviewed here: www.amerisave.com/privacy-policy.   
When AmeriSave’s Human Resources Department makes future requests for personal information, the same Policy is applicable. By applying, you understand this acknowledgment covers current and future personal information requests. You also acknowledge the business purpose of the personal information collected and that future requests may occur while applying for a position at AmeriSave and/or during employment, if applicable. 


Tags: Analytics Application security Automation AWS Azure Banking Checkmarx Cloud Code analysis Compliance Computer Science GitHub Microservices Network security OWASP Pentesting Privacy SDLC Veracode Vulnerabilities Vulnerability management

Perks/benefits: Career development Competitive pay Team events

Region: North America
Country: United States