Asurion Principal Application Security Engineer in Nashville, Tennessee
The Principal Application Security Engineer will assist Asurion in developing truly secure products by providing best-in-class application security services to the product development organization, while passionately pursuing personal and organizational excellence in the field of application/product security.
o Provide application/product security guidance and direction to globally distributed product development organization.
o Perform application security assessments of internally developed products and systems.
o Perform automated and manual security code reviews.
o Build threat models of internally developed products and systems.
o Advise and educate development teams with respect to application security best practices, security automation within the SDLC, and the proper use of application security products and services.
o Build and maintain positive and productive working relationships with product development teams and individuals.
o Mentor security champions and junior application security engineers.
o Provide assistance in response to product security incidents where application / product security expertise is required.
o Participate in blameless post mortems and retrospectives in effort to improve security of products / systems.
o Develop security assessment scripts and frameworks.
o Continuously learn and keep abreast of the latest technical developments in the application/product security and cloud security spaces.
o Perform research into and present on relevant security technology, practices, and threats.
o Work closely with a small team of application security and penetration testing staff, in conjunction with product development, to ensure company products and services withstand all foreseen and reasonable attacks.
o BS or MS in Computer Science or Engineering.
o 4 years of experience as a software engineer/developer in a product development organization.
o 3 years of hands-on, in-depth experience in application security, in the role of security engineer, reviewing, assessing, and providing guidance to product development teams.
o Experience should include threat modeling, security architecture & design review, automated & manual static security code analysis.
o In-depth knowledge of application security vulnerabilities and best practices.
o Knowledge of network security, public cloud security (particularly AWS), PKI, and cryptography.
o Strong analytical and problem-solving skills.
o Experience mentoring junior engineers toward professional maturity.
o Experience leading small teams of engineers in a fast-paced environment.
o Excellent communication (oral, written, presentation) skills.
o Penetration testing experience is highly desirable.
o GSSP, GWAPT, GXPN, OSCP, OSCE, OSWE, OSEE certifications highly desirable.
o Experience presenting at major security conferences is a plus.
o This position may require some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.
Title: Principal Application Security Engineer
Location: TN-Nashville - Corporate Headquarters
Requisition ID: TEC01841