Pearson Senior Application Security Engineer in Iowa City, Iowa
Senior Application Security Engineer - ( 2103017 )
At Pearson, we’re committed to a world that’s always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always re-examining the way people learn best, whether it’s one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology — and each other to surpass these boundaries — we create seeds of learning that become the catalyst for the world’s innovations, personal and global, large and small.
This position reports to the Director of Information Security and Technology Implementation, who leads the School Assessments Information Security Office (AISO). As a Senior Application Security Engineer at Pearson, you will consult with Development teams during their design stages to ensure security requirements are embedded in the product. Additionally, you will drive security components of application development to ensure that security, privacy and compliance requirements are addressed throughout the Software Development Lifecycle (SDLC). Your security "toolbelt" will include leading vulnerability management software in the areas of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Manual Application Penetration Testing (MAPT). You will also conduct security assessments of enterprise platforms and work with the various teams to address known vulnerabilities.
In this position you will:
Consult with Product Development, Site Reliability Engineering, and various business teams on security requirements during design, implementation, and management stages
Lead the application vulnerability management program respo
Coach, educate, train, and mentor product developers on security best practices
Develop and socialize secure coding guidelines and best practices.
Capture vulnerability and remediation data to provide dashboard and metrics to senior management
Correctly balance security risk and product advancement
Perform penetration testing against internally and externally facing web applications
Perform threat modeling for existing applications
Perform proactive research to detect new attack vectors
Perform reactive incident response when a security event occurs
Work with technical SMEs across the Assessments Technology Engineering (ATE) organization to architect and create secure-coding frameworks that prevent current and future attack scenarios
Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.
Bachelor’s or Master’s degree in Computer Science, Information Security, or related major.
Strong Software Development background using multiple development tools, techniques, and platform technologies
Proven work experience as an application security engineer
Knowledge of cybersecurity topics including: secure web app design, cryptography and key material handling, authentication mechanisms such as OAuth, SAML or OpenID, sensitive data protection, SDLC integration (fuzzing tests, static and dynamic code analysis)
Technical knowledge of database and operating system security
Experienced in the use of source code scanners (Veracode, Whitehat, Checkmarx, SonarQube, Blackduck, etc.) and the ability to manually validate findings/eliminate false positives
Familiarity with the use of various manual and dynamic application vulnerability testing suites (Netsparker, AppScan, WebInspect, Acunetix, Burp, etc.)
Ability to detect, define, exploit, and remediate OWASP top 10 vulnerabilities without the use of a vulnerability scanner (a browser, a proxy, an editor, and YOU)
Preference will be given to candidates holding AWS Solutions Architect - Associate certification. Other cloud-based certifications will also be considered.
Intermediate skill level and experience working with industry standard cybersecurity frameworks, such as NIST CSF, ISO 27001, CIS Benchmarks, HITRUST, etc.
Preference will be given to candidates who hold professional certifications in one or more of: CISSP, CSSLP, CEH, GCFE, or CFCE
The anticipated starting salary range for Colorado-based individuals expressing interest in this position is $90,000.00-$125,000.00. This position is eligible to participate in an annual incentive program.
Benefits available to eligible employees can be seen at: https://pearsonbenefitsus.com/
Primary Location : US-IA-Iowa City
Other Locations : US-CO-Centennial, US-TX-San Antonio, US-TX-Austin, US-MN-Bloomington, US-NC-Durham, US-CO-Boulder
Work Locations :
US-IA-Iowa City-2510 North Dodge
2510 North Dodge Street
Job : Technology
Organization : Assessments School
Employee Status : Regular Employee
Job Type : Standard
Job Level : Individual Contributor
Shift : Day Job
Job Posting : Mar 5, 2021
Job Unposting : Ongoing
Schedule : Full-time Regular
Req ID: 2103017