Pearson Software Developer (Security-focused) in Bloomington, Minnesota
Software Developer (Security-focused)
As the global leader in electronic testing, Pearson VUE ( www.pearsonvue.com at http://www.pearsonvue.com/ ) validates the skills and knowledge of millions of individuals every year. Our customers’ high-stakes certification, licensure, admissions and other credentialing exams help people advance in technology, government and professional careers, as well as attain educational growth. Pearson VUE offers proctored exams through the world's largest network of test centers in addition to testing in online and unproctored environments.
Pearson VUE is a business of Pearson, the world's leading learning company with global-reach and market-leading businesses. Pearson is listed on both the London and New York stock exchanges (UK: PSON; NYSE: PSO). For more information, visit www.pearson.com at http://www.pearson.com/ .
Bloomington, MN location required
As a security-focused developer, you will be responsible for improving application security across an entire platform. This includes identifying, assessing, escalating, and coordinating fixes across teams, plus a significant portion of hands-on work resolving vulnerabilities. This is a new role for this platform; however, you will work with security experts on other platforms and teams. The ideal candidate thrives working independently, setting their own direction, educating others, and collaborating very effectively. Candidates for this role are not expected to be security experts but they must have a solid baseline of security knowledge, strong development skills, and a willingness to rapidly and proactively expand their skills and knowledge.
Developer responsibilities include full life-cycle activities using industry best practices in an agile, results driven environment while working with a diverse group of high-performing, experienced teams. You will be expected to continually grow and challenge all of us to raise the bar even higher with your contributions to people, process and technology. We are looking for another highly collaborative team member that has a passion for excellence and innovation and knows the importance of fun, self-care and flexibility while working on a variety of complex and challenging projects.
The technology stack for our department includes but is not limited to: Java, Angular/AngularJS, Spring, REST services, JPA/Hibernate, Swing, RESTEasy, SQL Server, RabbitMQ, Azure, Apache CXF, and SpringBoot.
Understand and apply industry-leading security controls and best practices with focus on Application Security. Communicate security risks and solutions to business partners and IT staff.
Work closely with product and platform teams to implement, upgrade and monitor security controls and measures, while offering coaching and support
Provide security subject matter expertise and help project teams comply with a variety of regulations and policies. Assess current security posture and future architecture, providing a viable solution path to bridge the gap that balances security risks and product advancement.
Secure DevOps/Secure SDLC, including: automate security controls, security reviews of software applications, process and procedure improvements to reduce risk
Create design, solution and vision documentation, lead design and code reviews of changes, implement changes following Pearson standards, work with other teams to test and deploy changes following Pearson processes, and create unit/automated tests where applicable.
Required Education & Experience
Bachelor's degree in Computer Science, MIS, or equivalent technology discipline
Familiar with OWASP Secure Coding Practices, Continuous Integration/Continuous Deployment (CI/CD) processes/concepts, REST API technology and methods, and common security vulnerabilities and fixes
Proven ability in security process and organizational design
Current understanding of industry security trends and emerging threats
3 years minimum Java development required
3 years programmatic interaction with relational database systems
Current technology stack: Java, JPA, Hibernate, Web Services (REST/SOAP), Angular
Experience in OOAD, agile processes, design patterns, SQL and UML
Desired Knowledge, Skills & Abilities
Well-rounded background in application security
Experience implementing security controls in a global enterprise IT environment
Experience driving a culture of security awareness
Experience working in agile environment
Experience in understanding software architecture
Experience in creating design/solution documents and test driven development
Desire to expand knowledge in many development languages, applications, and tools
Proven ability to quickly learn new processes and tools, business domains and technical apps
Ability to think technically and analytically
Must assimilate information, distill knowledge, apply experience and provide solution alternatives and recommendations
Must have strong time management skills - including ability to work well under pressure, plan, set priorities, adapt to change, and meet established timelines
Must develop effective relationships with internal and external contacts and work well within and across teams
Must be a self-starter and detail-oriented
Must have a “positive” and energetic demeanor
Effective written and verbal communication skills
Creative problem-solving skills
Experience with all of the following (2-3 years experience required)
Strong preference for working experience with security tools, using static code analysis, dynamic code analysis, and 3rd party library assessment tools
Knowledge and remediation experience of common OWASP security risks such as SQL injection, XSS, DDoS, CSRF, XEE
Experience with Java and web applications, single-page Angular applications, REST and SOAP APIs
Experience with some or all of the following tools (Preferred)
- Swing, RESTEasy, SQL Server (Transact-SQL), RabbitMQ, Azure, Apache CXF, SpringBoot, Gradle build framework, Docker, Kubernetes, Splunk, NewRelic
Primary Location: US-MN-Bloomington
Work Locations: US-MN-Bloomington-5601 Green Valley 5601 Green Valley Drive Suite 220 Bloomington 55437
Organization: Assessments VUE
Employee Status: Regular Employee
Job Type: Standard
Shift: Day Job
Job Posting: Sep 1, 2020
Job Unposting: Ongoing
Schedule: Full-time Regular
Req ID: 2008276
Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.