Send me more jobs like this

Application Security Engineer

Keywords / Skills : Application Security, Web Application Security, Penetration Testing, source code review, vulnerability assessment

8 - 13 years
Posted: 2019-06-03

Nationality
India
Industry
IT/Computers - Software
Function
IT
Role
Security Analyst
System Security - Engineer
Posted On
3rd Jun 2019
Job Description
Currently we have below requirement with our premier client –ALLSTATE –Bangalore Location.
Allstate Solutions Private Limited (www.allstate.com ): The Allstate Corporation, based in Chicago, USA is the largest publicly quoted personal lines insurer in the USA, with over US$30 billion in annual revenues; Allstate is established in the year 1931. Allstate was number 93 on the Fortune 500 list of largest companies in America. The Allstate Corporation encompasses approximately 70,000 professionals made up of employees, agency owners and staff. Allstate Solutions Private Limited (ASPL) was established in 2012 to provide high quality software development services and business process outsourcing solutions in support of its U.S. parent's global operations. ASPL is a wholly owned subsidiary of Allstate corporation. ASPL will play a strategic role in developing, transforming and maintaining the various technology platforms used within Allstate, to support it in its day to day business, looking after the different systems that you might expect one of the world's largest insurance giants to run
Position: Application Security Engineer
Experience: 8-13 Years
Job Family Summary: Allstate Technology & Strategic Ventures (ATSV) team is embarking on a journey to integrate security inside the software development lifecycle. Application Security is tasked to develop a security framework within the Allstate SDLCs, establish a software security assurance process, and work with product delivery teams to build applications securely from start to finish.
Job Summary: The Application Security Engineer will be responsible for integrating security into the development of Allstate’s applications. The Application Security Engineer will work closely with the product and software development team to threat model, vulnerability scan, and pen test the early software, system, and network architecture and identify required control points in the application stack. The Application Security Engineer will also work closely with developers to diagnose, document, and remediate application security vulnerabilities. The Application Security Engineer will also be responsible for evaluating, recommending, and implementing application security related software in an automated continuous integration/deployment environment.
Key Responsibilities:
• Work closely with application development and platform teams to help formulate and implement a strategy for software security that is tailored to the specific risks facing the organization, including threat modeling and applications security advisement services.
• Develop and maintain a balanced application security program based on a well-defined application security framework
• Conduct application security assessments / penetration tests and implement tools for dynamic/automated code reviews
• Ensure application design and implementation best-practice with role-based and appropriate access standards, as well as integration with Identity and Access Management environments.
• Ensure compliance with society, regulatory, and industry standards for application security.
• Continuously evaluate the organization’s existing application security practices, define and measure security-related activities, and demonstrating concrete improvements to the application assurance program within the organization.
• Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.
• Conduct code reviews and penetration testing
• Develop and maintain unit and integration tests designed to ensure security controls are tested on every build
Knowledge/Skills/Abilities/Experience:
• 5 years’ experience as an Application Security Engineer, Application Developer, Architect, or Software Quality Assurance.
• Highly proficient with development languages including Java, .NET, Node.js, Go
• Organized, responsive and highly thorough problem solver
• College degree with advanced degree preferred.
• Possess strong business acumen with ability to work with application development, QA and security teams.
• A strong understanding of application security frameworks
• Thorough knowledge of the OWASP Top 10
• Must have a solid understanding of application security code reviews and penetration testing.
• Practical understanding and use of commercial application security tools
• Strong self-starter who has the ability to operate independently.
• Has solid understanding and experience with establishing application security policies across an organization.
• Excellent oral/written presentation skills with ability to communicate effectively with senior executive leadership; proficiency in preparation of presentations, analytical reports, and documents regarding program operational status, achievement and performance.
• Understanding and Passion for Agile/XP/Scrum/Kanban
• Understanding of Test Driven Development built on User Stories
• Understanding of Continuous Integration/Testing/Delivery
Familiarity with Metasploit, Burp Suite, Fuzzing, Gaunlt, and Jenkins is preferred
Functional Competencies – Proficiency level
• Software Engineering: 5
• Dev Sec Ops: 3
• Dev Ops: 3
• Continuous Integration: 4
• Security Governance: 4
• Testing: 3
• Scripting: 4
• Thriving in Change: 4

About Company

Valutek is a boutique HR Consulting company with specialization in providing senior and middle management staffing solutions for leading corporations and their captive centers in India. With a mission to be one stop shop for all staffing needs as well as a long term relationship focus has enabled Valutek to be among the Top 3 vendors at all its customers. Most customer relationships are more than 3+ year old strengthened by value added services delivered year on year by the committed team of recruiters.  Valutek is consistently rated on par to its bigger industry peers due to the quality of profiles, interest in understanding the need as well as ability to keep the candidates engaged throughout the process. Our team specializes in:
Permanent staffing
Staff augmentation consulting
Contract Staffing Services
Similar Jobs
View All Similar Jobs
Walkin for you