Application Security Lead
Draper, UT
The Application Security Lead provides consulting and guidance to the engineering and product teams with the security expertise necessary to make secure application decisions. Members of this team manage our code vulnerability programs including red teaming, manual review, and static and dynamic code analysis.
What You'll Do:
- Assist in the specification, design, and documentation of security solutions, including operational processes
- Serve as a Trusted Partner to educate Development Teams on Security Best Practices
- Drive the process for identifying security vulnerabilities, and design and execute remediation plans involving the acquisition, design, test, integration, and implementation of advanced security tools
- Develop security tools to find or fix security issues. Use both automated and manual testing tools to find and validate vulnerabilities in our applications
- Work as a security team to execute programmatic scans, pen-testing, red/blue/purple teaming, offensive security testing, threat modeling and bug bounty programs
- Support security and technology operations to maintain availability and security of deployed applications
- Support the operation of vulnerability scanning, and perform analysis and prioritization of the results
- Analyze and correlate application security vulnerabilities.
- Working knowledge of Secure SDL
- Knowledge of SAST and DAST
- Familiarity with industry changes in security standards, information governance, development standards, methods and emerging 3rd party security software in order to advise on security and leverage industry best practice in the design and construction of products
- Provide support for Security Operations and Incident Response
Minimum Experience & Qualifications:
- Demonstrated technical expertise and understanding of modern development, languages, and cloud platforms
- Minimum of 8 years' experience managing an SDL (Secure Software Development Life Cycle) that integrates security into all stages of the software development process for a large development organization
- Bachelor's degree in computer science or related discipline, or equivalent work experience
- Minimum of 8 years' experience as a lead engineer or engineering manager or enterprise Tech solutions architect
- Strong knowledge of TCP/IP, the OSI model, DNS, HTTP, VPN, routing & switching, and load balancer technologies for virtual and physical networks
- Strong knowledge of threats to include common attack vectors, methodologies and payloads/exploits
- Ability to troubleshoot complex networks
- Ability to design, implement and administrate security solutions, e.g., firewalls, proxies, WAFs, DLP, IDS/IPS, malware detection, packet capture and analysis tools, etc.
- Operational experience with security logging, event correlation, and SIEM technologies
- Operational experience configuring and managing virtual and cloud-based environments
- Knowledge of endpoint security technologies; e.g., antivirus, HIPS, FIM, etc.
- Knowledge of secure configuration management across multiple platforms
- Knowledge of Information Security program development, and roadmap design aligned to security policies, standards, guidelines, etc.
- Knowledge of penetration testing methodologies and practices
- Knowledge of forensic practices and chain of custody processes
- Working knowledge of ITIL including incident, problem, and change management
- Information security industry recognized certification(s) highly recommended – GSEC, CISSP, CEH, GCIH
- Curious, inquisitive, innovative, lifelong learner and self-starter
- Strong documentation and communication skills
- Clear on responsibilities yet flexible and willing to “carry water” during times of ambiguity
- Able to effectively give, receive, and respond to feedback
Compensation, Perks & Benefits:
- Competitive Compensation with Bonus Potential
- Full Health Benefits - Medical/Dental/Vision
- 401k, Paid Time Off and Tuition Reimbursement
- Full Service Gym, Game and Lounge Area, Basketball Court
- Free Healthy Snacks and Refreshments
- Subsidized Public Transit
- Fun and Relaxed Work Environment
WHO IS PROGRESSIVE LEASING?
Prog Leasing, LLC, a wholly-owned subsidiary of Aaron’s, Inc (NYSE: AAN), is the largest and longest-tenured virtual lease-to-own provider in the United States. The company’s mission is to provide simple and affordable purchase options for credit-challenged consumers. Over the last 19+ years, Progressive Leasing’s fair and transparent NO CREDIT NEEDED lease-to-own option has helped millions of customers and their families, even if they have less-than-perfect credit or an inability to pay for their purchase upfront. Progressive has also helped more than 27,000 retail stores drive increased revenue and improve customer satisfaction. Learn more at http://www.progleasing.com.
Progressive Leasing does not discriminate in any aspect of employment on the basis of race, color, religion, national origin, ancestry, gender, sexual orientation, gender identity and/or expression, age, veteran status, disability, or any other characteristic protected by federal, state, or local employment discrimination laws where Progressive Leasing does business.