Experience Inc. Jobs

Job Information

Asurion Principal Application Security Engineer in Nashville, Tennessee

The Principal Application Security Engineer will assist Asurion in developing truly secure products by providing best-in-class application security services to the product development organization, while passionately pursuing personal and organizational excellence in the field of application/product security.

Responsibilities:

o Provide application/product security guidance and direction to globally distributed product development organization.

o Perform application security assessments of internally developed products and systems.

o Perform automated and manual security code reviews.

o Build threat models of internally developed products and systems.

o Advise and educate development teams with respect to application security best practices, security automation within the SDLC, and the proper use of application security products and services.

o Build and maintain positive and productive working relationships with product development teams and individuals.

o Mentor security champions and junior application security engineers.

o Provide assistance in response to product security incidents where application / product security expertise is required.

o Participate in blameless post mortems and retrospectives in effort to improve security of products / systems.

o Develop security assessment scripts and frameworks.

o Continuously learn and keep abreast of the latest technical developments in the application/product security and cloud security spaces.

o Perform research into and present on relevant security technology, practices, and threats.

o Work closely with a small team of application security and penetration testing staff, in conjunction with product development, to ensure company products and services withstand all foreseen and reasonable attacks.

Requirements:

o BS or MS in Computer Science or Engineering.

o 4 years of experience as a software engineer/developer in a product development organization.

o 3 years of hands-on, in-depth experience in application security, in the role of security engineer, reviewing, assessing, and providing guidance to product development teams.

o Experience should include threat modeling, security architecture & design review, automated & manual static security code analysis.

o In-depth knowledge of application security vulnerabilities and best practices.

o Knowledge of network security, public cloud security (particularly AWS), PKI, and cryptography.

o Strong analytical and problem-solving skills.

o Experience mentoring junior engineers toward professional maturity.

o Experience leading small teams of engineers in a fast-paced environment.

o Excellent communication (oral, written, presentation) skills.

o Penetration testing experience is highly desirable.

o GSSP, GWAPT, GXPN, OSCP, OSCE, OSWE, OSEE certifications highly desirable.

o Experience presenting at major security conferences is a plus.

o This position may require some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.

Job: *IT

Organization: *Technology

Title: Principal Application Security Engineer

Location: TN-Nashville - Corporate Headquarters

Requisition ID: TEC01841

DirectEmployers