Senior Product Software Engineer - Application Security Champion

BASIC FUNCTION

As a member of the Compliance Solutions Application Security Advisors team (CS ASA), the Senior Product Software Engineer – Application Security Champion will support and promote application security maturity within the organization. The primary way they will do this is by supporting the CS ASA charter which focuses on identifying common application security problems, defining standard solutions to these problems, collaborating with development teams during their remediation, producing proofs-of-concept, and participating in an application security community of practice. This individual will also promote application security best practices with the goal of strengthening the organization’s security posture

ESSENTIAL DUTIES AND RESPONSIBILITIES

Document common application security problems within the Compliance Solutions organization.

•Research, document, and share reusable solutions to common application security problems.

•Promote consistent approaches to solving common application security problems across the Compliance Solutions organization.

•Collaborate with development teams, providing process, architecture, and solution guidance for their application security needs.

•Support teams in triage of code-based application security findings and planning of their remediation.

•Produce proofs-of-concept to better demonstrate application security solutions that a development team may use in their product

Execute and support the development of application security solutions for Compliance Solutions applications.

.•Provide threat modeling guidance and support to teams.

•Track SLAs and remediation plans for security findings.

•Facilitate Security Architecture Design Review sessions.

•Participate in the Compliance Solutions Application Security Community of Practice to foster knowledge sharing and discussion on application security topics impacting our teams and products.

•Establish and maintain connections within the */dxg Application Security Center of Excellence to allow improved reuse of best practice solutions already in place elsewhere in the global organization.

•Maintain an in-depth awareness of Wolters Kluwer and Divisional Application Security policies, standards, and guidelines that impact product development activities, and provide guidance and advice to product development teams on how to best comply with these.

•Maintain a familiarity with the application security testing tools in use by the organization.

•Promote best practices in secure development, application security testing tool use, and other shift-left application security activities.

•Participate in the evaluation of third-party application security software products

.•Take application security training, meeting annual minimum hourly requirements set by organization standards and your supervisor.

Stay abreast of incidents and improvements within the application security space that may affect the organization.

OTHER DUTIES

Performs other duties as assigned by supervisor and be flexible to adapt to changes in job duties.

JOB QUALIFICATIONS

Education: BA/BS in Computer Science, MIS, or related field.

Experience: The successful candidate must have a minimum of seven (7) years of experience in a software development position, with at least two (2) years of strong focus on the application security of SaaS, Cloud, and Business Analytics software and systems. This experience should include a proven track record of driving collaboration with others to evaluate, document, and implement solutions to application security problems. Additionally, the candidate should have a solid understanding of industry security standards and guidelines, as well as experience with security testing tools and the evaluation of third-party security software products. The ability to stay up to date with evolving application security trends and incidents is also crucial for success in this role.

Other Knowledge, Skills, Abilities or Certifications:

•Full-stack experience with Microsoft and/or Java technology stacks for SaaS and web-based technologies

•In-depth knowledge of common application security issues, vulnerabilities, and best practices

•Familiarity with standard and reusable solutions for addressing application security problems

•Ability to research new application security topics and quickly come up to speed on solution options

•Understanding of software development processes, methodologies, and architectures

•Familiarity with application security testing tools and techniques, such as static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), and software composition analysis (SCA)

•Skilled in effective threat modeling

•Strong documentation skills to effectively document security issues and solutions

•Ability to collaborate closely with development teams when considering and implementing solutions most appropriate in context of their systems

•Strong customer-focused written and verbal communication skills

•Skilled in rapidly creating proofs-of-concept to demonstrate solution options

•Proficiency in triaging and planning the remediation of application security findings

•Ability to track Service Level Agreements (SLAs) and remediation plans for security findings

•Skilled at facilitating software architecture design review sessions with an eye for security considerations

•Demonstrated experience in actively contributing to a community of like-minded individuals

•Desire to promote best practices in secure development and application security tool use

•Ability to guide others on how to comply with organizational policies and standards

•Commitment to staying up to date with the evolving landscape of application security and improvements in the field