Application Security Specialist - US Remote

The Application Security Specialist will be responsible for overseeing the development and implementation of a secure Software Development Life Cycle (SDLC) and ensuring the security of Degreed's cloud infrastructure. They will collaborate with the product and engineering teams to proactively identify security issues and prevent vulnerabilities during development. The ideal candidate will have strong technical understanding of security domains, experience in conducting security assessments and threat modeling, and the ability to communicate security concepts effectively. They will also be involved in building an application security program and automating applicable processes.

• Oversee the development and implementation of a secure Software Development Life Cycle (SDLC)
• Collaborate with the DevOps team to provide guidance and ensure the security of Degreed's cloud infrastructure
• Proactively identify security issues during solution design and prevent vulnerabilities during development
• Support the development of design patterns and development standards for building secure solutions
• Develop assessment frameworks to evaluate designs and execute them
• Support the design of proactive application security frameworks for secure architecture and development of business solutions
• Secure the Cloud environment by applying controls around prevent, detect, respond, and remediate
• Define and integrate Security Architecture standards and Secure SDLC across the organization
• Assist the DevSecOPS team in CI/CD pipelines and design high-tech security practices for cloud and container release platforms
• Conduct application security assessments, threat modeling, and be involved in application design
• Communicate design and development principles to appropriate stakeholders
• Empower and inspire developers, architects, and others through training in secure coding and design principles
• Build an application security program to improve security designs and reduce vulnerabilities
• Automate and standardize applicable processes
• Adapt to a dynamic environment with constant change and ambiguity
• Build strong relationships with development, software architecture, and product management stakeholders
• Familiarity with popular cloud provider solutions and cloud orchestration tools
• In-depth comprehension of the OWASP Top 10 and ability to communicate security concepts effectively
• Conduct cloud architecture reviews, application risk assessments, and threat modeling
• Integrate security controls into all stages of the Software Development Life Cycle (SDLC)
• Analyze business impact and exposure based on emerging security threats, vulnerabilities, and risks
• Translate technical concepts into plain language for effective communication with stakeholders
• Collaborate with developers and software architects to ensure secure designs meet business and technical requirements
• Have 5+ years of overall experience in information security, including 3+ years in application security field and 1+ year in Cloud Security
• Possess knowledge and experience with security controls and secure migration of enterprise applications to major cloud providers
• Define and integrate Security Architecture standards and Secure SDLC across the organization
• Conceptualize and think about threat assessments and threat modeling in release cycle and containerized environments
• Exposure to delivering results in an agile environment
• Have a development background and understanding of building applications in modern languages
• Ability to work effectively in a virtual environment with team members and partners in various time zones and locations

• 5+ years of overall experience in information security, including 3+ years in application security field and 1+ year in Cloud Security
• Background in the application security basics and a working knowledge of the OWASP Top Ten exploitation paths and control mitigations to protect against them. Cloud security experience preferred.
• Knowledge and experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers such as Azure (preferred), Amazon Web Services, or Google Cloud.
• Experience with defining and integrating Security Architecture standards and Secure SDLC across the organization. A general understanding of old and new development patterns: Release cycles, CI/CD, Code check-in and review. Demonstrated knowledge of build concepts like pipelines, runners, and security checks in early lifecycle build. A background in container build environments.
• Demonstrated experience conceptualizing and thinking about threat assessments and threat modeling both in the release cycle and containerized environments. Experience with vulnerability management.
• Exposure to delivering results in an agile environment driven by priorities.
• Some development background such as building applications in at least one language in recent history and understand the complexities of building in modern languages.
• Ability to work effectively in virtual environment where key team members and partners are in various time zones and locations.
• A cybersecurity certification would be highly advantageous (Security+, SSCP, CISSP, CISM, CCSP, CSSLP, CEH, etc.)

• Comprehensive health insurance for you and your family (both PPO and HDHP plans available)
• Dental and vision plans for you and your family
• Employer-paid life insurance, AD&D, short-term disability, and long-term disability
• Company equity
• 401(k) Retirement Savings Plan with up to 4% match
• Company funded HSA and dependent care FSA (pending eligibility)
• Generous Parental Leave
• Unlimited Paid Time Off and 5 sick days per year
• Education benefit: Up to $1,200 per year for anything you want to learn
• 100% remote with a One-time Home Office Stipend
• Monthly internet and phone stipend
• Monthly wellness stipend through Forma
• Wellness programs focused on your financial, physical, and mental wellbeing