Pearson Jobs

Job Information

Pearson Application Security Engineer in Austin, Texas

Application Security Engineer

Description

Titled Application Security Engineer

Company Description

At Pearson, we’re committed to a world that’s always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always re-examining the way people learn best, whether it’s one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology — and each other to surpass these boundaries — we create seeds of learning that become the catalyst for the world’s innovations, personal and global, large and small.

Position Overview

This position reports to the Director of Data Security and Privacy, who leads the School Assessments Information Security Office (AISO). You’ll be working on application security across a range of technologies and environments, from mobile applications (Android and iOS) to Cloud services. You will be working directly with product developers, site reliability engineers (SRE), DevOps Teams, QA teams, and other technical subject matter experts in the field of education science and technology. You will collaborate with your colleagues in the AISO to help identify application security vulnerabilities through the use of vulnerability and penetration testing tools, as well as through the analysis of application code and architectural design.

In this position you will:

  • Develop, maintain, and socialize secure coding guidelines and best practices.

  • Work with developers to assist in designing and architecting secure systems.

  • Develop general techniques and frameworks that will enable other engineering teams to find flaws before they are introduced into production

  • Be a security subject matter expert and respond to any internal security engineering questions/request

  • Work with other teams to help architect solutions that are inherently secure

  • Correctly balance security risk and product advancement

  • Perform penetration testing on our internal- and external-facing applications

  • Perform threat modeling for existing applications

  • Perform reactive incident response when a security event occurs

  • Perform proactive research to identify new attack vectors

  • Work with Security Operations Center (SOC) colleagues to research, architect, and execute solutions that will advance internal security monitoring & controls

Qualifications

  • Working knowledge of application development tools, techniques, and platform technologies

  • Familiar with OWASP Secure Coding Practices

  • Familiar with Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools ( e.g., Jenkins, Ansible, Terraform)

  • Familiar with REST API technology and methods.

  • Ability to develop scripts in Python (or comparable language),

  • Familiar with or willing to learn DevOps concepts

  • Familiar with or willing to learn container/orchestration tools (Kubernetes, Docker, Puppet, etc)

  • Preference will be given to candidates holding AWS Solutions Architect - Associate certification. Other cloud-based certifications will be considered.

  • Entry-level skill level and experience working with industry standard cybersecurity frameworks, such as NIST CSF, ISO 27001, CIS Benchmarks, HITRUST, etc.

  • Bachelor’s degree in Computer Science, Information Security, or equivalent.

  • 1 or more years in application security testing, including dynamic & static code scanning, Burp Suite, Wireshark...and other similar tools and technologies.

  • Preference will be given to candidates who hold professional certifications in one or more of: CISSP, CEH, GCFE, CFCE, or CSSLP

Qualifications

Titled Application Security Engineer

Company Description

At Pearson, we’re committed to a world that’s always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always re-examining the way people learn best, whether it’s one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology — and each other to surpass these boundaries — we create seeds of learning that become the catalyst for the world’s innovations, personal and global, large and small.

Position Overview

This position reports to the Director of Data Security and Privacy, who leads the School Assessments Information Security Office (AISO). You’ll be working on application security across a range of technologies and environments, from mobile applications (Android and iOS) to Cloud services. You will be working directly with product developers, site reliability engineers (SRE), DevOps Teams, QA teams, and other technical subject matter experts in the field of education science and technology. You will collaborate with your colleagues in the AISO to help identify application security vulnerabilities through the use of vulnerability and penetration testing tools, as well as through the analysis of application code and architectural design.

In this position you will:

  • Develop, maintain, and socialize secure coding guidelines and best practices.

  • Work with developers to assist in designing and architecting secure systems.

  • Develop general techniques and frameworks that will enable other engineering teams to find flaws before they are introduced into production

  • Be a security subject matter expert and respond to any internal security engineering questions/request

  • Work with other teams to help architect solutions that are inherently secure

  • Correctly balance security risk and product advancement

  • Perform penetration testing on our internal- and external-facing applications

  • Perform threat modeling for existing applications

  • Perform reactive incident response when a security event occurs

  • Perform proactive research to identify new attack vectors

  • Work with Security Operations Center (SOC) colleagues to research, architect, and execute solutions that will advance internal security monitoring & controls

Qualifications

  • Working knowledge of application development tools, techniques, and platform technologies

  • Familiar with OWASP Secure Coding Practices

  • Familiar with Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools ( e.g., Jenkins, Ansible, Terraform)

  • Familiar with REST API technology and methods.

  • Ability to develop scripts in Python (or comparable language),

  • Familiar with or willing to learn DevOps concepts

  • Familiar with or willing to learn container/orchestration tools (Kubernetes, Docker, Puppet, etc)

  • Preference will be given to candidates holding AWS Solutions Architect - Associate certification. Other cloud-based certifications will be considered.

  • Entry-level skill level and experience working with industry standard cybersecurity frameworks, such as NIST CSF, ISO 27001, CIS Benchmarks, HITRUST, etc.

  • Bachelor’s degree in Computer Science, Information Security, or equivalent.

  • 1 or more years in application security testing, including dynamic & static code scanning, Burp Suite, Wireshark...and other similar tools and technologies.

  • Preference will be given to candidates who hold professional certifications in one or more of: CISSP, CEH, GCFE, CFCE, or CSSLP

Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.

Primary Location: US-IA-Iowa City

Other Locations US-CO-Centennial, US-TX-San Antonio, US-TX-Austin, US-MN-Bloomington, US-CO-Boulder

Work Locations: US-IA-Iowa City-2510 North Dodge 2510 North Dodge Street Iowa City 52245

Job: Technology

Organization: Assessments School

Employee Status: Regular Employee

Job Type: Standard

Shift: Day Job

Job Posting: Sep 26, 2019

Job Unposting: Ongoing

Schedule: Full-time Regular

Req ID: 1912949

Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.

DirectEmployers