Role purpose

• The Enterprise Application Security team is responsible for protecting Pearson’s commercial digital products and data, our learner’s data, and Pearson’s internal applications. By employing a blend of technology, developer training, test integration, and process automation, the Application Security team’s goal is to reduce our risks and provide ongoing Internet safe havens for our learners.

• Within this team, the Senior/Application Security Engineer is mostly responsible for supporting existing application security initiatives, performing manual assessment of the applications own by Pearson and 3 rd parties. This role will also support existing SAST, DAST, SCA operational activities.

Responsibilities

• Scoping and performing Pearson own mobile, web application, cloud, and API/Web Services tests.

• Automation of security testing, and development of internal tooling, to achieve continuous assurance.

• Collaboration with engineering teams to facilitate secure development, including:

• Review and analysis of proposed technical solutions to identify appropriate security controls.

• Input and guidance to security related technical architecture and design decisions.

• Code review of features and critical security components.

• Practical security testing.

• Advising development community on remediation of security issues and processes to address root causes.

• Security assurance reviews of third-party solutions.

• Review, analysis, and reporting of external threats relevant to Pearson systems and solutions in the context of Pearson’s desired security posture.

• Work with Pearson BAU Application Security team on SAST/DAST/SCA/RASP activities.

Requirements

Pearson is open-minded when it comes to hiring and we care more about aptitude and attitude than specific experience or qualifications.

Ideally, we would like:

• 7+ years technical information security experience and 3+ years of experience in Application Penetration Testing

• Experience of mobile, web application, cloud, and API/Web Services penetration testing.

• Strong technical knowledge in:

• Web application security

• API Security

• Mobile security (iOS and Android)

• Networking and associated protocols

• Containers and Kubernetes

• A desire to learn, and ability to apply technical security knowledge to new and unfamiliar areas.

• SANS, CREST, OSCP or similar industry penetration testing qualification

• A good understanding of applied cryptographic techniques.

• Reverse engineering and exploit development capabilities.

• Experience of security testing in an agile SDLC.

• Threat modelling experience.

• Experience performing code reviews, particularly in Java and Go.

• Experience of fulfilling a client facing security consulting role.

• Excellent verbal and written communication skills.

• Experience in automation of security testing, with previous development experience desirable.

What to expect from Pearson

Did you know Pearson is one of the 10 most innovative education companies of 2022?

At Pearson, we add life to a lifetime of learning so everyone can realize the life they imagine. We do this by creating vibrant and enriching learning experiences designed for real-life impact. We are on a journey to be 100 percent digital to meet the changing needs of the global population by developing a new strategy with ambitious targets. To deliver on our strategic vision, we have five business divisions that are the foundation for the long-term growth of the company: Assessment & Qualifications, Virtual Learning, English Language Learning, Workforce Skills and Higher Education. Alongside these, we have our corporate divisions: Digital & Technology, Finance, Global Corporate Marketing & Communications, Human Resources, Legal, Strategy and Direct to Consumer. Learn more at We are Pearson.

We value the power of an inclusive culture and also a strong sense of belonging. We promote a culture where differences are embraced, opportunities are accessible, consideration and respect are the norm and all individuals are supported in reaching their full potential. Through our talent, we believe that diversity, equity and inclusion make us a more innovative and vibrant place to work. People are at the center, and we are committed to building a workplace where talent can learn, grow and thrive.

Pearson is an Affirmative Action and Equal Opportunity Employer and a member of E-Verify. We want a team that represents a variety of backgrounds, perspectives and skills. The more inclusive we are, the better our work will be. All employment decisions are based on qualifications, merit and business need. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We strive for a workforce that reflects the diversity of our communities.

To learn more about Pearson’s commitment to a diverse and inclusive workforce, navigate to: Diversity, Equity & Inclusion at Pearson.

If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing ppsmhr@pearson.com.

Note that the information you provide will stay confidential and will be stored securely. It will not be seen by those involved in making decisions as part of the recruitment process.

Job: ENGINEERING

Organization: Corporate Strategy & Technology

Schedule: FULL_TIME

Req ID: 8643