Application Security Specialist - US Remote

The Application Security Specialist will be responsible for overseeing the development and implementation of a secure Software Development Life Cycle (SDLC) and ensuring the security of Degreed's cloud infrastructure. They will collaborate with the product and engineering teams to proactively identify security issues and prevent vulnerabilities during development. The ideal candidate will have a strong technical understanding of security domains and be able to communicate security concepts effectively. They will also be involved in conducting security assessments, threat modeling, and integrating security controls into the SDLC. Overall, the Application Security Specialist will play a key role in building and maintaining secure applications and mitigating risks for Degreed's clients and users.

Oversee the development and implementation of a secure Software Development Life Cycle (SDLC)

Collaborate with the DevOps team to provide guidance and ensure the security of Degreed's cloud infrastructure

Collaborate with the product and engineering teams to proactively identify security issues during solution design and prevent vulnerabilities during development

Support the development of design patterns and development standards to help build secure solutions

Support the development of assessment frameworks to evaluate designs and execute them

Support the design of proactive application security frameworks to ensure the secure architecture and development of business solutions

Have a strong technical understanding of all security domains to secure the Cloud environment

Define and integrate Security Architecture standards and Secure SDLC across the organization

Assist the DevSecOPS team in CI/CD pipelines and design high-tech security practices for cloud and container release platforms

Conduct application security assessments, threat modeling, and be involved with application design

Proactively communicate design and development principles to appropriate stakeholders

Empower and inspire the team through training in secure coding and design principles

Build an application security program to improve security designs and reduce vulnerabilities

Automate and standardize applicable processes

Adaptability: Comfortable working in a dynamic environment with constant change and ambiguity

Interpersonal Skills: Ability to build strong relationships with stakeholders

Cloud Knowledge: Familiarity with popular cloud provider solutions and cloud orchestration tools

OWASP Understanding: In-depth comprehension of the OWASP Top 10 and the ability to effectively communicate security concepts

Security Assessments: Expertise in conducting cloud architecture reviews, application risk assessments, and threat modeling

SDLC Integration: Experience in integrating security controls into all stages of the Software Development Life Cycle (SDLC)

Risk Analysis: Ability to analyze business impact and exposure based on emerging security threats, vulnerabilities, and risks

Effective Communication: Skill in translating technical concepts into plain language to effectively communicate business risks and requirements

Collaboration: Collaboration with developers and software architects to adjust designs and ensure they meet business and technical requirements securely

5+ years of overall experience in information security, including 3+ years in application security field and 1+ year in Cloud Security

Background in the application security basics and a working knowledge of the OWASP Top Ten exploitation paths and control mitigations to protect against them

• 5+ years of overall experience in information security, including 3+ years in application security field and 1+ year in Cloud Security
• Background in the application security basics and a working knowledge of the OWASP Top Ten exploitation paths and control mitigations to protect against them. Cloud security experience preferred.
• Knowledge and experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers such as Azure (preferred), Amazon Web Services, or Google Cloud.
• Experience with defining and integrating Security Architecture standards and Secure SDLC across the organization. A general understanding of old and new development patterns: Release cycles, CI/CD, Code check-in and review. Demonstrated knowledge of build concepts like pipelines, runners, and security checks in early lifecycle build. A background in container build environments.
• Demonstrated experience conceptualizing and thinking about threat assessments and threat modeling both in the release cycle and containerized environments. Experience with vulnerability management.
• Exposure to delivering results in an agile environment driven by priorities.
• Some development background such as building applications in at least one language in recent history and understand the complexities of building in modern languages.
• Ability to work effectively in virtual environment where key team members and partners are in various time zones and locations.
• A cybersecurity certification would be highly advantageous (Security+, SSCP, CISSP, CISM, CCSP, CSSLP, CEH, etc.)

• Comprehensive health insurance for you and your family (both PPO and HDHP plans available)
• Dental and vision plans for you and your family
• Employer-paid life insurance, AD&D, short-term disability, and long-term disability
• Company equity
• 401(k) Retirement Savings Plan with up to 4% match
• Company funded HSA and dependent care FSA (pending eligibility)
• Generous Parental Leave
• Unlimited Paid Time Off and 5 sick days per year
• Education benefit: Up to $1,200 per year for anything you want to learn
• 100% remote with a One-time Home Office Stipend
• Monthly internet and phone stipend
• Monthly wellness stipend through Forma
• Wellness programs focused on your financial, physical, and mental wellbeing