Pearson Application Security Engineer/Senior Application Security Engineer in India
The Enterprise Application Security team is responsible for protecting Pearson’s commercial digital products and data, our learner’s data, and Pearson’s internal applications. By employing a blend of technology, developer training, test integration, and process automation, the Application Security team’s goal is to reduce our risks and provide ongoing Internet safe havens for our learners.
Within this team, the Senior/Application Security Engineer is responsible for supporting existing application security initiatives, performing SAST, DAST, SCA against various, complex applications which are developed inhouse and third parties, assess the risk of each application and communicate findings to wider business stakeholder audience.
As a direct report to the Head of Application Security, you will have the following accountabilities:
Support global Application Security initiatives and BAU operations
Scope and perform penetration tests against large scale, complex applications including web, mobile and thick/thin client applications.
Closely working with the software development community and based on their own strong development background with prominent web or mobile development languages and frameworks; provide advanced security remediation advice directly to development and testing teams.
Provide expert-level guidance to security analysts, testers, and development teams during application security assessments. Must be able to identify, re-create, and remediate security defects.
Understand HTTP, REST, SOAP, XML and JSON as it relates to APIs and AJAX
Work with SAST/DAST/SCA/RASV tools and support Application Security BAU operations
Flexibility to cross-skill and engage in other security domains such as Cyber Threat Management, Identity and Access Management, Cyber Transformation, Business Resilience and Data Loss Prevention and Privacy.
Working knowledge of automated application security-related commercial and opensource tools
Experience implementing and integrating Selenium into security / regression testing a plus;
Experience using and testing REST and/or SOAP APIs;
In-depth knowledge on common web application security flaws and secure coding practices and the ability to clearly explain security issues to project and development staff;
Ability to prioritize and track security issues and work with the necessary teams to ensure remediation.
Serve as a leader by promoting security awareness, mentoring other team members, and staying up to date on current development methodologies (Agile/DevOps);
Embrace a culture of continuous service improvement and service excellence; and
Stay up to date on security industry trends.
Skills and Experience
8+ years in Information Security space and minimum 4 years experience in Application/Software Security industry
In-depth understanding of OWASP framework and its practical usage
Strong hands-on experience with Application-level testing (SAST/DAST/SCA/Manual assessment) and tooling
Strong experience with modern scripting languages
Strong experience with SDLC, modern development languages and frameworks, with a passion to make security realistic, achievable, and interwoven with the business fabric.
Strong understanding of Cloud ( AWS and Azure ) platforms
Strong oral, written, and presentation abilities - able to convey risk to all levels of the business, from C-level executives to operations and development teams.
Strong understanding of web applications and architectures, relational and non-relational databases, and hardware architectures, and effectively applying the principles of information security to IT environments
Strong understanding of modern application development and operational philosophies
Experience with commercial SAST/DAST/SCA/RASP tools
Current understanding of Industry trends and emerging threats; and
What to expect from Pearson
Did you know Pearson is one of the 10 most innovative education companies of 2022?
At Pearson, we add life to a lifetime of learning so everyone can realize the life they imagine. We do this by creating vibrant and enriching learning experiences designed for real-life impact. We are on a journey to be 100 percent digital to meet the changing needs of the global population by developing a new strategy with ambitious targets. To deliver on our strategic vision, we have five business divisions that are the foundation for the long-term growth of the company: Assessment & Qualifications, Virtual Learning, English Language Learning, Workforce Skills and Higher Education. Alongside these, we have our corporate divisions: Digital & Technology, Finance, Global Corporate Marketing & Communications, Human Resources, Legal, Strategy and Direct to Consumer. Learn more at We are Pearson.
We value the power of an inclusive culture and also a strong sense of belonging. We promote a culture where differences are embraced, opportunities are accessible, consideration and respect are the norm and all individuals are supported in reaching their full potential. Through our talent, we believe that diversity, equity and inclusion make us a more innovative and vibrant place to work. People are at the center, and we are committed to building a workplace where talent can learn, grow and thrive.
Pearson is an Affirmative Action and Equal Opportunity Employer and a member of E-Verify. We want a team that represents a variety of backgrounds, perspectives and skills. The more inclusive we are, the better our work will be. All employment decisions are based on qualifications, merit and business need. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We strive for a workforce that reflects the diversity of our communities.
To learn more about Pearson’s commitment to a diverse and inclusive workforce, navigate to: Diversity, Equity & Inclusion at Pearson.
If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing firstname.lastname@example.org.
Note that the information you provide will stay confidential and will be stored securely. It will not be seen by those involved in making decisions as part of the recruitment process.
Organization: Corporate Strategy & Technology
Req ID: 8644