Application Security Engineer – AppSec Automation (100% US REMOTE)
Allen, TX, United States
Applications have closed
Experian
Experian is committed to helping you protect, understand, and improve your credit. Start with your free Experian credit report and FICO® score.
Company Description
Experian is the world’s leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. In addition, for the last five years we’ve been named in the 100 “World’s Most Innovative Companies” by Forbes Magazine.
Job Description
Responsible for implementing our strategy for integrating automated security controls into our evolving development life cycle and CI/CD pipelines to shift security “left” without sacrificing the developer experience. Ensure that the requirements of the Software Security Policy and Technical Security Baseline are met for new agile deliveries and for Experian’s legacy estate, with flaws and issues managed effectively throughout all stages of an application’s life.
Engage with the Developer Champions community to support forward momentum and ensure that the latest security techniques are used to provide vulnerability-free applications that can be delivered at speed to our clients.
Functions
Work with the AppSec Manager and peers to deliver strategy for Automation of security controls (SAST, DAST, SCA…)
Integrate third-party solutions and build custom solutions into our CI/CD pipelines and development cycles.
Define security guardrails through automated tool policies, SLAs, custom rules, and support the developer community
Help the enterprise manage vulnerabilities across automated tooling and manual security assessments
Work with Champions to build relationships and ensure key activities are supported and deliverables are achieved in a timely manner.
Support the education and awareness strategy and its rollout for the development community.
Support the AppSec technical team (incident response, code reviews, risk assessments) and ensure relationships with the business and the team are maximized and effective.
Responsibilities/Requirements
Support of AppSec Consultant function. (15%)
Leads relationship with Development teams to implement security control automation based on SDLC requirements. (60%)
Work with vendors to deliver improvements to development processes as part of defined projects / scope of work. (15%)
Document Processes and SOPs (10%)
Qualifications
Formal Education & Certification
Four-year college diploma or university degree in computer science or computer engineering, and/or 5 years equivalent work experience in application development.
CSSLP Preferred.
Certifications in Application Testing Mechanisms preferred.
Knowledge & Experience
5 years direct experience in enterprise-level applications security.
Experience with SAST, Software Composition Analysis (SCA), DAST, IAST, RASP tooling
Experience conducting technical security assessments, code audits and architectural design reviews
Experience with automation through solutions such as Chef, Puppet, Jenkins, and Ansible
Proficiency with major programming languages like Java, .Net, Python, PHP, C++
Experience in AppSec or DevSecOps groups
Experience with CI/CD pipelines
Experience with cloud-based application architectures
Proven experience in overseeing the linking of cross-functional applications between disparate business units and systems.
Experience with business and technical requirements analysis, business process modeling/mapping, methodology development, and data mapping.
Strong understanding and background in MITRE, OWASP, SafeCode, risk management methodologies as they relate to integration/software testing.
Good project management skills and/or substantial exposure to project-based work structures, project lifecycle models, etc.
Strong understanding of end-user needs and requirements.
Excellent understanding of the organization’s goals and objectives.
Personal Attributes
Excellent oral and interpersonal communication skills.
Outstanding writing and documentation skills.
Able to communicate ideas in both technical and user-friendly language.
Able to conduct research into application issues and products.
Highly self-motivated and directed, with keen attention to detail.
Able to prioritize and execute tasks in a high-pressure environment.
Experience working in a team-oriented, collaborative environment.
Knowledge of applicable data privacy practices and laws.
Willing to travel globally as required.
Key Performance Metrics
Support delivery of Policy metrics for Application testing and remediation.
Ensure constant communication with Business to deliver MI and technical information to support development processes.
Additional Information
Our uniqueness is that we truly value yours.
Experian's culture, people and environments are key differentiators. We take our people agenda very seriously. We focus on what truly matters: diversity and inclusion, work/life balance, flexible working, development, engagement, collaboration, wellness, reward & recognition, volunteering... the list goes on.
We’re an award-winning organization due to our strong people focus.
Experian isn't just growing, we're leveraging cutting edge data science, design thinking and passion to build tomorrow's credit solutions. Innovation is a critical part of Experian's DNA and culture.
Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above. Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience and education. This position is also eligible for a variable pay opportunity and a comprehensive benefits package which includes health, life and disability insurance, generous paid time off including paid parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.
Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and it reflects what we believe. See our DEI work in action!
Experian Careers - Creating a better tomorrow together
Find out what it's like to work for Experian by clicking here
Tags: Agile Ansible Application security Audits Automation C CI/CD Cloud Computer Science DAST DevSecOps IAST Incident response Java OWASP PHP Privacy Puppet Python Risk assessment Risk management SAST SDLC Security assessment SLAs Strategy Vulnerabilities
Perks/benefits: 401(k) matching Equity Flex hours Flex vacation Health care Insurance Parental leave