Security Engineer

Job Role: Security Engineer

Location : Phoenix AZ

Type: Fulltime

**Job Description:**

- Conducts security risk assessments of applications with respect to design and implementation of system and application code

- Develop and manage security governance processes and procedures for the threat modeling program and application security design & devsecops programs.

- Assist in the development of threat modeling governance documentation.

- Works with information security leadership to develop strategies and plans to enforce threat modeling and address identified control gaps.

- Develops reports for management concerning residual risk and non-compliance.

- Monitor and track compliance with application owners to ensure implementation of security controls as planned.

- Review issued security controls with application owners to ensure identified requirements are implemented.

- Validate implementation of security controls against outputs of scanning tools to enable auditability and verifiability.

- Assist application owners in filing appropriate security standard exceptions as identified through threat modeling.

- Develop, Maintain, update and enhance secure design patterns and secure coding standards.

- Develop, Maintain, update and enhance threat libraries.

- Socialize secure design patterns and secure coding standards with engineering teams.

- Assist application teams with threat modeling consultancy questions.

- Consistently enable strong developer and customer experience when liaising with application teams. Uphold Blue Box values when liaising with application teams.

- Develop innovative attack techniques to foil protective design and in-place mitigations.

- Participate in the development of strategies for information security processes and programs.

- Support the investment decision process by developing business cases and cost benefit analysis

- Create reports and other materials to assist in prioritizing activities related to various threats to applications.

- Recommend resource types and skillsets required to resolve project and process issues.

- Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to manage IT risk and protect data

- Provide ongoing awareness and education of industry efforts and statistics relevant to information security.

- Develop and define IT and information security standardized metrics and criteria.

- Facilitates improvement solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance obligations.

- Facilitates Agile events that help the team deliver value incrementally and iteratively

- Supports the Program Increment (PI) execution through facilitating team level events and partners with the RTE.

- Supports the team in achieving the PI objectives.

- Provides consultation and advice to assess information security risks and mitigate controls to protect corporate intellectual capital, and other sensitive data.