Application Security Specialist - US Remote
Degreed · Posted: August 29, 2023 · Remote
About the position
The Application Security Specialist will be responsible for overseeing the development and implementation of a secure Software Development Life Cycle (SDLC) and ensuring the security of Degreed's cloud infrastructure. They will collaborate with the product and engineering teams to proactively identify security issues and prevent vulnerabilities during development. The ideal candidate will have a strong technical understanding of security domains and be able to communicate security concepts effectively. They will also be involved in conducting security assessments, threat modeling, and integrating security controls into the SDLC. Overall, the Application Security Specialist will play a key role in building and maintaining secure applications and mitigating risks for Degreed's clients and users.
Responsibilities
Requirements
- 5+ years of overall experience in information security, including 3+ years in the application security field and 1+ year in cloud security
- Background in application security basics and a working knowledge of the OWASP Top Ten exploitation paths and the control mitigations that protect against them. Cloud security experience preferred.
- Knowledge and experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers such as Azure (preferred), Amazon Web Services, or Google Cloud.
- Experience with defining and integrating Security Architecture standards and Secure SDLC across the organization. A general understanding of old and new development patterns: release cycles, CI/CD, code check-in and review. Demonstrated knowledge of build concepts like pipelines, runners, and security checks early in the build lifecycle. A background in container build environments.
- Demonstrated experience conceptualizing and thinking about threat assessments and threat modeling both in the release cycle and containerized environments. Experience with vulnerability management.
- Exposure to delivering results in an agile environment driven by priorities.
- Some development background, such as recently building applications in at least one language, and an understanding of the complexities of building in modern languages.
- Ability to work effectively in a virtual environment where key team members and partners are in various time zones and locations.
- A cybersecurity certification would be highly advantageous (Security+, SSCP, CISSP, CISM, CCSP, CSSLP, CEH, etc.)
Benefits
- Comprehensive health insurance for you and your family (both PPO and HDHP plans available)
- Dental and vision plans for you and your family
- Employer-paid life insurance, AD&D, short-term disability, and long-term disability
- Company equity
- 401(k) Retirement Savings Plan with up to 4% match
- Company funded HSA and dependent care FSA (pending eligibility)
- Generous Parental Leave
- Unlimited Paid Time Off and 5 sick days per year
- Education benefit: Up to $1,200 per year for anything you want to learn
- 100% remote with a One-time Home Office Stipend
- Monthly internet and phone stipend
- Monthly wellness stipend through Forma
- Wellness programs focused on your financial, physical, and mental wellbeing