Security Accountability Engineer - Application Security Engineer
Client:: Pearson
Location:: Anywhere in USA
Duration:: 6 Months Extendable
 
Description
As an SAE you will be responsible for testing, designing and implementing security controls and solutions driven by Central Security team and company policies and standards to reduce the risk to Pearson Learning Platform and its customers. This includes enterprise-level design work for system security, cloud security, identity and access management, data protection and many more.
 
The Security Engineer is a member of the Development team and is responsible for reviewing security designs, implementing technical security controls, and designing security solutions. They will help implement the information security design, enforce compliance with security policies and controls and function as a technical security expert on various projects.
 
Key Skills
 

• Development background - Expertise in technologies used in development (Java, CI/CD, Cloud)
• Application Security - Understand OWASP top 10, ability to identify false positives, work with different security technologies)
• Prioritize and accountable for all security related items in the product ,train the other development teams as necessary
• Ability to push security changes to production as part of software development process - Perform remediation

 
Responsibilities
 
Keep track of CISO acceptance criteria for the product
o Static scans, Dynamic scans, Pen Test, Infrastructure, Container, Cloud scans
 
o Privilege User, Encryption, Key Management Security backlog
 
o Create change controls when necessary
 
o Part of SAE Community and help Pearson reduce risk
 
Security controls and best practices
 

• Work closely with product and platform teams to implement security controls
• Plan and monitor security measures
• Work closely with functional-area architects, engineering, and security specialists throughout Pearson Learning Platform (PLP) to ensure adequate security solutions and controls are in place throughout all
• PLP systems, cloud systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements;
• Provide security subject matter expertise and help project teams comply with enterprise and IT security policies, industry regulations, and best practices;
• Assess and understand PLP current security posture and future architecture, providing a viable solution path to bridge the gap;
• Assess and understand the current and planned security posture for platforms (e.g. servers, databases, web servers), providing recommendations for improvement and risk reduction;
• Design security configuration standards, procedures, and guidelines for platforms such as baseline security configurations and hardening guides;
• Communicate security risks and solutions to business partners and IT staff;
• Coach developers on application security
• Recognize, adopt, and instill industry leading practices in security engineering throughout the organization
• Correctly balance security risk and product advancement
• Secure DevOps/Secure SDLC
• Identify and execute on opportunities to automate internal, cloud and platform security controls;
• Provide subject matter expertise on, and conduct in-depth security reviews of software applications
• Identify and propose process improvements and identify opportunities for new processes and procedures to reduce risk;
• Incident Response
• Support security incident response as required;
• Research
• Researches, designs, and advocates new technologies and security products that will support security requirements for the enterprise and its customers, business partners, and vendors;
• Contributes to the development and maintenance of the information security strategy;
• Evaluates and develops secure solutions, based on approved security architectures;
• Security Tooling
• Administer, configure, and support security tools
• Assist with adoption of new/existing security tools as needed
• Create/support integrations of security tools into central analytics system
• Embrace a culture of continuous service improvement and service excellence;
• Stay up to date on security industry trends.

 
Qualifications
 
Required Education & Experience
 

• Bachelor's degree in Computer Science, MIS, or equivalent technology discipline
• Familiar with OWASP Secure Coding Practices, Continuous Integration/Continuous Deployment (CI/CD) processes/concepts, REST API technology and methods, and common security vulnerabilities and fixes
• Proven ability in security process and organizational design
• Current understanding of industry security trends and emerging threats
• 3 years minimum Java development required
• 3 years programmatic interaction with relational database systems
• Current technology stack: Spring, Java, Reactive Programming
• Experience in OOAD, agile processes, design patterns, SQL and UML

 Kiran Kumar
Key Business Solutions, Inc.
|| Office: 916 646 2080 Ext 224 || Fax: 916 646 2081 || Email: kiran@keybusinessglobal.com || Gtalk: kiranjabukeysoft@gmail.com
Note: This email is not intended to be a solicitation. Please accept our apologies and reply in the subject heading with REMOVE to be removed from our Mailing list.