About The Position

In support of the AVP, Application Product Security, the Application & Product Security Engineer will perform various functions, including collaborating on and assuring the building of processes for securing software applications and APIs, creating and integrating security standards through assessments and advisement, and coordinating with the AVP in consultative engagements with various business units (directly and via their technology delivery teams). Application Security focuses on partnerships with multiple product teams to drive risk reduction through a thoughtful, targeted, and collaborative model. This role will help to support the AVP in communicating security to many audiences, including business and technical leaders and individual contributors, as well as others within the Information Security Team.

Requirements

  • High School Diploma or GED required.
  • 0-2+ years Information Security experience.
  • 0-2+ years Application/Product Security experience.
  • 0-2+ years API Security analyst experience.
  • Demonstrated self-starter with strong analytical skills.
  • Ability to manage multiple tasks simultaneously and meet established deadlines.
  • Ability to collaborate with business teams on technology & security-related controls, tasks, and projects.
  • Ability to work productively while remote and communicate effectively in a virtual team and in an on-location hybrid work environment.
  • Ability to work within agile and waterfall project methodology.
  • Ability to stay current with new technology.
  • Ability to support appropriate Information Security and Technology standards to meet business requirements.

Nice To Haves

  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or another related field is preferred.
  • Security+ and GSEC security certifications are preferred. Career development plan to include certifications upon hire.
  • Knowledge of security offerings within one or multiple major cloud platforms (Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), etc.) preferred.
  • Knowledge of container and service-oriented security architecture for cloud-based services preferred.
  • Knowledge of a modern SDLC including CI/CD pipelines, cloud architecture, API economies, and container deployment preferred.
  • Knowledge of enterprise applications (support and troubleshooting) preferred.
  • Knowledge of application security tools, functions, and services similar to Snyk, Veracode, Netsparker, BurpSuite, Imperva, Radware, BugCrowd, SD Elements, OPSWAT, Okta, ThreatMetrix, and Auth0 preferred.
  • Understanding of the OWASP API Security Top 10.

Responsibilities

  • Support Security Enablement via an Agile Method: Support multiple concurrent security integration initiatives with various business units for various development and deployment projects in offset phases within an agile framework with a dedicated staff of specialists through the requirements, design, development, and operating phases.
  • Support the AVP, Application and Product Security in implementing a robust Customer Identity and Access Management (CIAM) function to ensure that the security and privacy aspects of registration, authentication, self-service, personalization of experience, and privacy of member data are secure and meet regulatory requirements. Specifically: support scalability of the platform to meet the needs of members based on product or services enablement; implement required authentication and identity parameters (e.g., SSO, MFA, geo-location, etc.); and implement attack protection for CIAM across enterprise public-facing platforms through enablement of services such as Web Application Firewall (WAF), DDoS, and bot protections, ensuring robust monitoring, alerting, and actionable policies are in place to protect against external threats.
  • Support program strategy for API security, mergers and acquisitions evaluations, and open-source security.
  • Support the AVP, Application and Product Security in the implementation of secure engineering practices such as design & code reviews, API security reviews, threat modeling, penetration testing, continuous integration, and security-focused behavior-driven development. Specifically: Threat Modeling: support threat modeling for platform/applications/services that deliver core services to B2B and B2C customers. Secure Software Development: implement and support security services and practices including static and dynamic scanning and code review, penetration testing, open and internal sourced component lifecycle management, and SDLC policies and standards.
  • Support the design, development, and validation of secure code for systems, solutions, and processes from a security perspective, on premise, hybrid, and with multiple cloud providers.
  • Support secure code and API interface reviews with internal and external product teams.
  • Support the application security continuous improvement plan and drive its execution by promoting best practices within teams with respect to security policies, procedures, standards, and guidelines, in line with industry-leading practices for on-prem, hybrid, and cloud-specific environments and for application and product development.
  • Support secure development through the CI/CD pipelines, toolchains, and operations on secure code practices.
  • Perform other duties and responsibilities as assigned.
  • Maintain and optimize existing APIs for Confidentiality, Integrity, and Availability.
  • Support secure API code reviews with internal and external product teams.
  • Support secure API development through the CI/CD pipelines, toolchains, and operations on secure code practices.
  • All employees and business units, as first line of defense, are expected to proactively help identify, assess, manage, and report risks within their domain of work. To enhance a healthy risk culture and support our growth for good pillar, employees will maintain vigilance in safeguarding our operations while ensuring compliance with regulatory mandates. The Risk team serves as the second line of defense by providing risk oversight and credible challenge whereas the Audit team serves as the third line of defense by providing risk assurance.
  • Incumbent is expected to demonstrate each of the following VyStar Excellence behaviors in performing the duties and responsibilities of their job: Focus - Focus your full attention by carefully listening to and observing client or member. Connect - Consistently be friendly and approachable. Demonstrate your care. Understand - Listen empathetically and ask questions (70%/30% rule). Counsel - Recommend solutions based on your member’s needs and objectives. Advance - Ensure that member’s expectations were exceeded. Verify necessary follow-up actions.

Benefits

  • competitive pay
  • an excellent benefit package that includes a 401(k) Plan
  • an extensive paid technical and on-the-job training program
  • tuition reimbursement

What This Job Offers

Job Type: Full-time

Career Level: Entry Level

Education Level: High school or GED

Number of Employees: 501-1,000 employees

© 2024 Teal Labs, Inc