Application Security Engineer
Are you a highly skilled cybersecurity and application security professional with a passion for securing web and mobile applications? Use your expertise to help us craft the next generation of our application security program. You will work closely with our cybersecurity teams, application development teams, and operations teams conducting security testing, penetration testing, purple teaming, and breach / attack simulation. Help us re-think what it means to be a secure insurance provider delivering capabilities in a fast-changing, highly competitive market.
What your day could include, and the experience we would like to see:
Perform penetration testing and secure code testing activities
Provide tactical and strategic guidance and detailed remediation advice aimed at helping clients achieve strong security postures
Consult with development teams and provide them with information about application security and secure development lifecycle processes
Integrate automated testing in a DevSecOps process (Static Application Security Testing – SAST, Dynamic Application Security Testing – DAST, and other technologies as necessary) into the overall SSDLC process design
Manage real-time application protection software and web application firewalls to provide proactive prevention of known attacks
Track and monitor current and trending practices in software engineering, DevOps and application security
Assist with the development and operational aspects related to purple teaming and breach / attack simulation, advancing our capabilities to both detect and prevent known attacks while mapping those activities to the MITRE ATT&CK Framework
Obtain and evolve technical expertise, certifications, and industry credentials through formal and informal training and other educational initiatives
Education, Certifications and nice to have:
Must have 3+ years of experience in application/network/web/mobile penetration testing and tooling, purple team, or application security engineering and architecture, preferably in a large and distributed operating environment
Demonstrated expertise in Application Security, specifically web and mobile application security, configurations, vulnerability assessments
Professional experience with any of the following: Java, .NET, AWS, Functional programming, SQL, MongoDB, CouchDB, Neo4J, Hadoop, Cassandra, DynamoDB, ElasticSearch, Solr
Expert knowledge of OWASP Top 10 and ability to articulate web security risks
Knowledge of automated DAST, SAST, and RASP tooling is preferred, including but not limited to OWASP Zed Attack Proxy, Burp Suite, Nessus, Metasploit, Postman, HP WebInspect, Qualys, or WhiteHat
Operational understanding of TCP/IP and computer networking. Knowledge of the functions of security technologies such as IPS/IDS, firewalls, Security Information and Event Management tools, etc. is a plus
Possession of industry standard certifications such as OSCP, CEH, GWAPT, GPEN and/or other relevant penetration testing related certifications is a plus
Knowledge of SDLC, Agile, Waterfall, or Scrum
Information Security, Security Testing and/or Risk Analysis Experience
A broad understanding of the terminology, core principles, IT controls and best practices across key risk domains, including: risk assessment methodology, identity and access management, network and infrastructure security, application security, data loss prevention, and incident management
Self-motivated team player with the ability to handle multiple work streams and support team members' collaborative projects to completion
Proven excellent relationship management skills with all levels of the enterprise are required.
Ability to effectively collaborate across teams
CSAA Insurance Group offers many benefits, including:
Comprehensive health care plans, including medical, dental, vision, and tax-deferred spending accounts.
Employee assistance, healthy pregnancy and wellness programs.
Paid time off, plus nine paid holidays and 24 hours of volunteer time off.
401(k) plus company matching up to 6% and a cash balance pension program.
Paid training, tuition reimbursement, self-service training and career development opportunities.
Be part of a community that works:
At CSAA Insurance Group, we take pride in our values-based culture. Helping our employees have enriched lives and satisfying careers is how we work. Our employees appreciate the integrity and inclusion that is evident throughout our everyday interactions. We respect the diverse range of perspectives, backgrounds and cultures of our teams, and join together when it comes to helping our members, community or one another.
Headquartered in Walnut Creek, California, our community also works in Arizona, Colorado, Nevada, New Jersey and Oklahoma. Learn more about us at CSAA-Insurance.aaa.com/careers
Please submit your application to be considered. We communicate via email, so check your inbox to ensure you don’t miss important updates from us.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.