Senior Application Security Engineer Jobs At Pearson, Sri Lanka

The application deadline for this job has passed.
Exploreture
  • Post Date: May 13, 2022
Job Overview

Senior Application Security Engineer

Senior Application Security Engineer at Socure

Role purpose

  • The Enterprise Application Security team is responsible for protecting Pearson’s commercial digital products and data, our learners’ data, and Pearson’s internal applications. By employing a blend of technology, developer training, test integration, and process automation, the Application Security team’s goal is to reduce our risks and provide ongoing Internet safe-havens for our learners.

  • Within this team, the Senior Application Security Engineer is responsible for supporting existing application security initiatives, performing SAST, DAST and SCA, executing application-level penetration tests against various complex applications developed in-house and by third parties, assessing the risk of each application, and communicating findings to a wider audience of business stakeholders.

Responsibilities

As a direct report to the Head of Application Security, you will have the following accountabilities:

  • Support global Application Security initiatives and BAU operations
  • Scope and perform penetration tests against large-scale, complex applications including web, mobile and thick/thin client applications.
  • Work closely with the software development community and, drawing on a strong development background in prominent web or mobile development languages and frameworks, provide advanced security remediation advice directly to development and testing teams.
  • Provide expert-level guidance to security analysts, testers, and development teams during application security assessments. Must be able to identify, re-create, and remediate security defects.
  • Understand HTTP, REST, SOAP, XML and JSON as they relate to APIs and AJAX
  • Work with SAST/DAST/SCA/RASP tools and support Application Security BAU operations
  • Flexibility to cross-skill and engage in other security domains such as Cyber Threat Management, Identity and Access Management, Cyber Transformation, Business Resilience and Data Loss Prevention and Privacy.
  • Working knowledge of automated application security-related commercial and open-source tools
  • Experience implementing and integrating Selenium into security/regression testing is a plus;
  • Experience using and testing REST and/or SOAP APIs;
  • In-depth knowledge of common web application security flaws and secure coding practices and the ability to clearly explain security issues to project and development staff;
  • Ability to prioritize and track security issues and work with the necessary teams to ensure remediation;
  • Serve as a leader by promoting security awareness, mentoring other team members, and staying up to date on current development methodologies (Agile/DevOps);
  • Embrace a culture of continuous service improvement and service excellence; and
  • Stay up to date on security industry trends.

Skills and Experience

  • 8+ years in the Information Security space and a minimum of 5 years’ experience in the Application/Software Security industry

  • In-depth understanding of OWASP framework and its practical usage
  • Strong hands-on experience with Application-level testing (SAST/DAST/SCA/Manual assessment) and tooling
  • Strong experience with modern scripting languages
  • Strong experience with SDLC, modern development languages and frameworks, with a passion to make security realistic, achievable, and interwoven with the business fabric.
  • Strong understanding of Cloud (AWS and Azure) platforms
  • Strong oral, written, and presentation abilities – able to convey risk to all levels of the business, from C-level executives to operations and development teams.
  • Strong understanding of web applications and architectures, relational and non-relational databases, and hardware architectures, and effectively applying the principles of information security to IT environments
  • Strong understanding of modern application development and operational philosophies
  • Experience with commercial SAST/DAST/SCA/RASP tools
  • Current understanding of Industry trends and emerging threats; and

Learning is the most powerful force for change in the world. More than 20,000 Pearson employees deliver our products and services in nearly 200 countries, all working towards a common purpose – to help everyone achieve their potential through learning. We do that by providing high quality, digital content and learning experiences, as well as assessments and qualifications that help people build their skills and grow with the world around them. We are the world’s leading learning company. Learn more at pearsonplc.com.


Job Detail
  • Offered Salary: Not Specified
  • Career Level: Senior Executive
  • Experience: More than 5 Years
  • Gender: Both
  • Industry: Computer and technology
  • Qualification: Not Specified