Application Security Engineer PositionPearson is a Global organization that does business in nearly every country; the majority of our systems are cloud based, using modern infrastructure and development practices. Pearson services a number of federal and highly sensitive workloads, ensuring security is routinely prioritized.While we have a global reach, impacting the lives and work of many, we are a close-knit and passionate team of engineers with expertise ranging across the board in the realm of Cybersecurity. Here, you will always be a stone's throw away from exciting projects with many opportunities for growth and developing knowledge in cutting-edge technologies.As an Application Security Engineer, you will be responsible for ensuring the holistic security of various applications and services used throughout the organization. You will be working with various application teams throughout the organization to ensure security best practices are adopted and implanted throughout the SDLC. You will work to identify, track, and advise the application teams to remediate vulnerabilities and the associated risks. Vulnerailities may come from various tools and testing done by yourself or other internal or third-party penetration testers.The primary job responsibilities include:Engagement with internal and external partner teamsCollaborate with product and platform teams on security controlsPlan, implement, upgrade, and monitor security measures related to application securityCollaborate with functional area architects, engineers, and security specialists across Pearson to implement suitable security solutions and controls.Provide security expertise and assist project teams in adhering to enterprise and IT security policies, industry regulations, and best practicesEvaluate Pearson's current security and future architecture, offering solutions to address any gaps.Assess and understand the current and planned security posture for platforms, provide recommendations for improvements and risk reductionDevelop security configuration standards, procedures, and guidelines for various platforms, including baseline security configurations and hardening guides.Communicate security risks and solutions to business partners and IT staffCoach developers on application securityImplement industry-leading security engineering practices across the organization.Escalate and document risks when observed
Secure DevOps/Secure SDLC
Perform threat modelingPerform thorough security reviews of software applications.Identify and propose process improvements and identify opportunities for new processes and procedures to reduce risk
Tuning of Security Prevention Tools
Assist with configuring Web Application Firewalls (WAF)Assist with the tuning of Runtime Application Self Protection (RASP) tools
Incident Response
Assist in security incident response efforts as necessaryAid teams in implementing appropriate logging practicesCollaborate with security operations teams to develop detection capabilities
Research
Conduct research, design, and advocate for new technologies and security products that fulfill the security requirements of the enterprise, as well as those of its customers, business partners, and vendors.Contribute to the development and maintenance of the information security strategy
Security Tooling
Administer, configure, and support security toolsAssist with adoption of new/existing security tools as neededCreate/support integrations of security tools into central analytics systemEmbrace a culture of continuous service improvement and service excellenceStay up to date on security industry trendsEssential Skills:
Bachelor's degree in Computer Science, MIS, or equivalent technology discipline
Working knowledge of application development tools, techniques, and platform technologies
Familiar with Continuous Integration/Continuous Deployment (CI/CD) processes and concepts
Familiar with REST API technology and methods
Ability to develop scripts in Python (or comparable language)
Experience in OOAD, agile processes, design patterns
Threat modeling experience
Proficient in OWASP top 10 Vulnerabilities, Secure Coding Practices and Security Controls
Familiarity with SCA (Software Composition Analysis) techniques and working with application teams to remediate such vulnerabilities
Managing technical security debt
Desirable Skills:
3+ years minimum software development required (Java or .NET), application security experience, or pen testing
Experience working in an agile environment
Experience with automation
Familiarity with government attestations, including FedRAMP and StateRAMP
Experience with relational database platforms such as MSSQL, MySQL, and NoSQL databases.
Understanding of incident response methods and technologies
Implemented security controls in a global enterprise IT environment
Drive a culture of security awareness
Experience in creating design documents, performing code reviews
Desire to expand knowledge in many development languages, applications, and tools
Proven ability to quickly learn new processes and tools, business domains and technical applications
Ability to think technically and analytically
Ability to assimilate information, distill knowledge, apply experience and provide solution alternatives and recommendations
Must be a self-starter and detail-oriented
Must have a “positive” and energetic demeanor
Effective written and verbal communication skills
Creative problem-solving skills
Experience in containerized and serverless environments
Who we are:At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson.Pearson is an Affirmative Action and Equal Opportunity Employer and a member of E-Verify. We want a team that represents a variety of backgrounds, perspectives and skills. The more inclusive we are, the better our work will be. All employment decisions are based on qualifications, merit and business need. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We strive for a workforce that reflects the diversity of our communities.If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing [email protected] that the information you provide will stay confidential and will be stored securely. It will not be seen by those involved in making decisions as part of the recruitment process.Job: ENGINEERINGOrganization: Corporate Strategy & TechnologySchedule: FULLTIMEWorkplace Type:Req ID: 18391#location