
Pearson Application Security Engineer in Colombo, Sri Lanka

Application Security Engineer



Role purpose

  • The Application Security team is responsible for protecting Pearson’s commercial digital products and data, our learners’ data, and Pearson’s internal applications. By employing a blend of technology, developer training, test integration, and process automation, the Application Security team’s goal is to reduce our risks and provide ongoing Internet safe-havens for our learners.

  • Within this team, the Application Security Engineer is responsible for reviewing technology designs, and designing security controls and solutions, to reduce the risk to Pearson and its customers. They will help define the information security architecture and design for the enterprise. This is an expert/lead technical role.


As a direct report to the Manager of Application Security, you will have the following accountabilities:

  • Partner with security architects, other functional-area architects, engineering, and security specialists to ensure adequate security solutions and controls are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements;

  • Based on their own strong development background with prominent web or mobile development languages and frameworks, provide advanced security remediation advice directly to development and testing teams;

  • Provide expert-level guidance to security analysts, testers, and development teams during application security assessments. Must be able to identify, re-create, and remediate security defects;

  • Design, develop, and implement automation features into our existing security pipeline. Experience with Django / Python required. Experience with Go a plus. Working knowledge of automated application security-related tools such as AppSpider, Checkmarx, Qualys, and Nessus;

  • Ability to perform manual assessments via tools such as HTTP Proxies (BurpSuite Pro, OWASP ZAP), automation scripts, shell scripting w/ curl, fuzzers and other commercial and open source tools;

  • Experience implementing and integrating Selenium into security / regression testing a plus;

  • Experience using and testing REST and/or SOAP APIs;

  • In-depth knowledge on common web application security flaws and secure coding practices and the ability to clearly explain security issues to project and development staff;

  • Advocate for OWASP Application Security Verification Standard (ASVS) as an internal standard, explain how it applies to application development teams, and why it matters;

  • Ability to prioritize and track security issues and work with the necessary teams to ensure remediation;

  • Serve as a leader by promoting security awareness, mentoring other team members, and staying up-to-date on current development methodologies (Agile/DevOps);

  • Understand HTTP, REST, SOAP, XML and JSON as they relate to APIs and AJAX;

  • Embrace a culture of continuous service improvement and service excellence; and

  • Stay up to date on security industry trends.


Skills and Experience

  • 3 years in Information Security space;

  • Strong experience with modern development languages and frameworks, with a passion to make security realistic, achievable and interwoven with the business fabric;

  • Strong oral, written, and presentation abilities - able to convey risk to all levels of the business, from C-level executives to operations and development teams;

  • Strong understanding of web applications and architectures, relational and non-relational databases, and hardware architectures, and of how to apply the principles of information security effectively to IT environments;

  • Strong understanding of modern application development and operational philosophies;

  • Some experience with Unix/Linux and Windows system administration;

  • Some understanding of governance frameworks such as ITIL and ISO 27001;

  • Current understanding of industry trends and emerging threats; and

  • Knowledge of incident response methodologies and technologies.

Primary Location: LK-1-Colombo

Work Locations: LK-Colombo-Orion City Rigel Bldg Orion City Rigel Bldg No 752 Dr. Danister De Silva Mawatha Colombo 900

Job: Technology

Organization: Technology & Operations

Employee Status: Regular Employee

Job Type: Standard

Shift: Day Job

Job Posting: Jun 10, 2019

Job Unposting: Ongoing

Schedule: Full-time Regular

Req ID: 1907185

Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.