Pearson Jobs

ees can be seen at: <a data-auth="NotApplicable" href="" id="LPlnk316527" rel="noreferrer noopener" target="_blank"></a> <br><br> #LI-POST <br><br> <br><strong> P

Job Information

Pearson Application Security Engineer in Centennial, Colorado

Application Security Engineer - ( 2103887 )


Company Description

At Pearson, we’re committed to a world that’s always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always re-examining the way people learn best, whether it’s one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology — and each other to surpass these boundaries — we create seeds of learning that become the catalyst for the world’s innovations, personal and global, large and small.

Position Overview

This position reports to the Director of Data Security and Privacy, who leads the Assessments Information Security Office (AISO). You’ll be working on application security across a range of technologies and environments, from mobile applications (Android and iOS) to Cloud services. You will be working directly with product developers, site reliability engineers (SRE), DevOps Teams, QA teams, and other technical subject matter experts in the field of education science and technology. You will collaborate with your colleagues in the AISO to help identify application security vulnerabilities through the use of vulnerability and penetration testing tools, as well as through the analysis of application code and architectural design.

In this position you will:

  • Work with software developers to implement secure coding guidelines and best practices

  • Assist in the design and architecture of secure assessment platforms

  • Assist software development and engineering teams in the identification of application flaws before they are introduced into production

  • Work with other teams to help architect solutions that are inherently secure

  • Correctly balance security risk and product advancement

  • Perform penetration testing on our internal- and external-facing applications

  • Perform threat modeling for existing applications

  • Perform reactive incident response when a security event occurs

  • Perform proactive research to detect new attack vectors

  • Work with technical SMEs across the Assessments Technology Engineering (ATE) organization to architect and create secure-coding frameworks that prevent current and future attack scenarios

  • Collaborate with infrastructure and application teams to advance their ability to take ownership of and implement secure coding techniques and follow the OWASP best practices.

  • Work with Security Operations Center (SOC) colleagues to research, architect, and execute solutions that will advance internal security monitoring & controls

Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.


  • Strong Development background using multiple development tools, techniques, and platform technologies

  • Proficient level skills related to OWASP Secure Coding Practices

  • Experience with Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins, Ansible, Terraform)

  • Experience with REST API design, development, and testing

  • Proficient skill level in Python (or comparably relevant interpreter language), Java, and databases (e.g., PostgreSQL, MySQL, MS SQL)

  • Some experience with DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc)

  • Preference will be given to candidates holding AWS Solutions Architect - Associate certification. Other cloud-based certifications will also be considered.

  • Intermediate skill level and experience working with industry standard cybersecurity frameworks, such as NIST CSF, ISO 27001, CIS Benchmarks, HITRUST, etc.

  • Bachelor’s or Master’s degree in Computer Science, Information Security, or related major.

  • Experience in application security testing, including dynamic & static code scanning, Burp Suite, Wireshark...and other similar tools and technologies is desired

  • Preference will be given to candidates who hold professional certifications in one or more of: CISSP, CEH, GCFE, CFCE, or CSSLP

The anticipated starting salary range for Colorado-based individuals expressing interest in this position is $75,000.00-$105,000.00. This position is eligible to participate in an annual incentive program.

Benefits available to eligible employees can be seen at:


Primary Location : US-IA-Iowa City

Other Locations : US-CO-Centennial, US-TX-San Antonio, US-TX-Austin, US-MN-Bloomington, US-NC-Durham, US-CO-Boulder

Work Locations :

US-IA-Iowa City-2510 North Dodge

2510 North Dodge Street

Iowa City52245

Job : Technology

Organization : Assessments School

Employee Status : Regular Employee

Job Type : Standard

Job Level : Individual Contributor

Shift : Day Job

Job Posting : Mar 11, 2021

Job Unposting : Ongoing

Schedule: : Full-time Regular

Req ID: 2103887