Pearson Application Security Engineer in Austin, Texas
Application Security Engineer - ( 2103887 )
At Pearson, we’re committed to a world that’s always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always re-examining the way people learn best, whether it’s one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology — and each other to surpass these boundaries — we create seeds of learning that become the catalyst for the world’s innovations, personal and global, large and small.
This position reports to the Director of Data Security and Privacy, who leads the Assessments Information Security Office (AISO). You’ll be working on application security across a range of technologies and environments, from mobile applications (Android and iOS) to Cloud services. You will be working directly with product developers, site reliability engineers (SRE), DevOps Teams, QA teams, and other technical subject matter experts in the field of education science and technology. You will collaborate with your colleagues in the AISO to help identify application security vulnerabilities through the use of vulnerability and penetration testing tools, as well as through the analysis of application code and architectural design.
In this position you will:
Work with software developers to implement secure coding guidelines and best practices
Assist in the design and architecture of secure assessment platforms
Assist software development and engineering teams in the identification of application flaws before they are introduced into production
Work with other teams to help architect solutions that are inherently secure
Correctly balance security risk and product advancement
Perform penetration testing on our internal- and external-facing applications
Perform threat modeling for existing applications
Perform reactive incident response when a security event occurs
Perform proactive research to detect new attack vectors
Work with technical SMEs across the Assessments Technology Engineering (ATE) organization to architect and create secure-coding frameworks that prevent current and future attack scenarios
Collaborate with infrastructure and application teams to advance their ability to take ownership of and implement secure coding techniques and follow the OWASP best practices.
Work with Security Operations Center (SOC) colleagues to research, architect, and execute solutions that will advance internal security monitoring & controls
Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.
Strong Development background using multiple development tools, techniques, and platform technologies
Proficient level skills related to OWASP Secure Coding Practices
Experience with Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins, Ansible, Terraform)
Experience with REST API design, development, and testing
Proficient skill level in Python (or comparably relevant interpreter language), Java, and databases (e.g., PostgreSQL, MySQL, MS SQL)
Some experience with DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc)
Preference will be given to candidates holding AWS Solutions Architect - Associate certification. Other cloud-based certifications will also be considered.
Intermediate skill level and experience working with industry standard cybersecurity frameworks, such as NIST CSF, ISO 27001, CIS Benchmarks, HITRUST, etc.
Bachelor’s or Master’s degree in Computer Science, Information Security, or related major.
Experience in application security testing, including dynamic & static code scanning, Burp Suite, Wireshark...and other similar tools and technologies is desired
Preference will be given to candidates who hold professional certifications in one or more of: CISSP, CEH, GCFE, CFCE, or CSSLP
The anticipated starting salary range for Colorado-based individuals expressing interest in this position is $75,000.00-$105,000.00. This position is eligible to participate in an annual incentive program.
Benefits available to eligible employees can be seen at: https://pearsonbenefitsus.com/
Primary Location : US-IA-Iowa City
Other Locations : US-CO-Centennial, US-TX-San Antonio, US-TX-Austin, US-MN-Bloomington, US-NC-Durham, US-CO-Boulder
Work Locations :
US-IA-Iowa City-2510 North Dodge
2510 North Dodge Street
Job : Technology
Organization : Assessments School
Employee Status : Regular Employee
Job Type : Standard
Job Level : Individual Contributor
Shift : Day Job
Job Posting : Mar 11, 2021
Job Unposting : Ongoing
Schedule: : Full-time Regular
Req ID: 2103887