Application Security Engineer
Company: MassMutual
Location: Boston
Posted on: November 12, 2024
Job Description:
The OpportunityWe are seeking an experienced Application
Security Engineer to join our Software Security team and take
charge of ensuring the security and integrity of our software
applications. The ideal candidate will have advanced knowledge of
secure software development, extensive experience with identifying
vulnerabilities, and the ability to implement robust security
solutions. This role will require collaboration with development
teams, security architects, and other stakeholders to integrate
security best practices into all stages of the software development
lifecycle.The ImpactYour key responsibilities will consist of the
following to ensure applications are resilient against emerging
threats, reducing potential financial and reputational damage from
security incidents.
- Conduct in-depth security assessments, including vulnerability
scanning, and code reviews.
- Leverage automated tools and manual testing techniques to
identify, risk assess and prioritize and propose mitigation
strategies for identified threats and application-level
vulnerabilities (e.g., OWASP Top 10, etc.) ensuring our
applications meet security standards and reducing exposure to data
breaches.
- Collaborate with security architects to design secure
application architectures that align with industry best
practices.
- Ensure secure coding practices are followed, and security
controls are incorporated into software designs.
- Conduct detailed threat modeling to identify attack vectors and
potential weaknesses.
- Collaborate with our SDLC Council to develop and maintain
secure coding standards, empowering developers to integrate
security into the development process.Partner with DevOps teams to
implement security within CI/CD (continuous integration & delivery)
pipelines for automated and seamless deployment of secure
code.
- Assist in incident response activities related to application
security breaches, providing rapid identification and mitigation
guidance.
- Ensure compliance with security regulations, frameworks, and
industry standards such as OWASP.
- Leverage reporting tools to demonstrate the overall risk
through metrics (KPIs, KRIs, OKRs) of vulnerabilities and code
defects to MassMutual's cyber assets for various team leaders and
executive leadership for risk prioritization and enablement of
risk-based decision-making.
- Stay up to date with the latest security threats,
vulnerabilities, and industry trends to inform and improve security
strategies.
- Strong problem-solving abilities and analytical thinking.
- Excellent communication skills to explain security issues to
both technical and non-technical stakeholders.
- A team player with the ability to work in a collaborative,
fast-paced environment.The Minimum Qualifications
- Bachelor's or Master's degree in Computer Science, Information
Security, or a related field.
- Minimum of 5+ years of experience in application security,
penetration testing, or secure software development.The Ideal
Qualifications
- Relevant security certifications such as CEH, OSCP, or GWAPT)
from an industry recognized certifier (e.g., SANS/GIAC, CompTIA,
ISACA, ISC2, etc.)
- Strong knowledge of secure software development methodologies,
including threat modeling, code reviews, and static/dynamic
analysis.
- Experience in integrating security into DevOps (DevSecOps) and
CI/CD environments.
- Strong technical knowledge of web application security, cloud
security (AWS, Azure, GCP), mobile security, infrastructure as code
(IaC), container security, and API security.
- Familiarity with SAST, DAST, and IAST tools.
- Deep understanding of common vulnerabilities (e.g., OWASP Top
10) and their mitigations.
- Advanced understanding and experience with writing source code
(e.g., JavaScript, Java, C/C++/C#, Python, etc.) and familiarity
with software security frameworks (e.g., Maven, Node, Gradle,
etc.).
- Experience with identifying security vulnerabilities/defects in
dockers, containers, and Kubernetes.
- Experience with cloud deployment and automation tools
(Terraform, GitHub Actions, Jenkins, AWS Cloud Formation Templates,
Secrets Managers).
- Knowledge of compliance and regulatory frameworks (SOC 2,
etc.).What to Expect as Part of MassMutual and the Team
- Focused one-on-one meetings with your manager
- Access to mentorship opportunities
- Networking opportunities including access to Asian,
Hispanic/Latinx, African American, women, LGBTQ, veteran and
disability-focused Business Resource Groups
- Access to learning content on Degreed and other informational
platforms
- Your ethics and integrity will be valued by a company with a
strong and stable ethical business with industry leading pay and
benefits#LI-SC1MassMutual is an Equal Employment Opportunity
employer Minority/Female/Sexual Orientation/Gender
Identity/Individual with Disability/Protected Veteran. We welcome
all persons to apply. Note: Veterans are welcome to apply,
regardless of their discharge status.
If you need an accommodation to complete the application process,
please contact us and share the specifics of the assistance you
need.
Keywords: MassMutual, Portland , Application Security Engineer, Other , Boston, Maine
Didn't find what you're looking for? Search again!
Loading more jobs...