What are the responsibilities and job description for the Principal Application Security Engineer position at First American?
What You'll Do
- Application Security Strategy: Develop, implement, and maintain a comprehensive application security strategy that aligns with the company's business goals and regulatory requirements, utilizing industry-leading tools.
- Security Assessments: Conduct thorough security assessments, including static and dynamic application security testing (SAST/DAST), penetration testing, and code reviews using tools like Veracode and Burp Suite to identify vulnerabilities in our applications. Collaborate with development teams to remediate identified issues.
- Risk Management: Proactively identify and assess security risks associated with applications and systems. Develop and implement risk mitigation strategies to address identified vulnerabilities, ensuring compliance with frameworks such as OWASP, NIST, and ISO 27001.
- Secure Software Development Lifecycle (SDLC): Integrate security best practices into the software development lifecycle. Provide guidance and training to development teams on secure coding practices, security testing methodologies, and the use of development tools such as GitHub and Jenkins for continuous integration and deployment.
- Incident Response: Lead and coordinate incident response efforts related to application security breaches. Conduct root cause analysis and implement corrective actions to prevent future incidents.
- Security Tools and Technologies: Evaluate, implement, and manage security tools and technologies to enhance the security posture of our applications. Stay updated on the latest security trends, emerging threats, and advancements in security technologies.
- Compliance: Ensure compliance with industry standards, regulatory requirements, and internal security policies, including PCI-DSS and SOC 2. Prepare and maintain documentation to support audits and assessments.
- Collaboration: Work closely with cross-functional teams, including development, operations, and compliance, to ensure security requirements are integrated into all phases of the application lifecycle.
- Mentorship: Provide mentorship and guidance to junior members of the security team. Foster a culture of security awareness and continuous improvement within the organization.
What You'll Bring
Required Education, Experience, Certification/Licensure
- Education: Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
- Experience: Minimum of 8-10 years of experience in application security or a related field, with a proven track record of securing complex applications in a fintech environment.
- Certifications: Relevant certifications such as CISSP, CEH, OSCP, or CSSLP are highly desirable.
- Technical Expertise: In-depth knowledge of application security principles, secure coding practices, and security testing methodologies, including proficiency with tools like Veracode, Burp Suite, and development environments like GitHub and Jenkins.
- Analytical Skills: Strong analytical and problem-solving skills, with the ability to identify and mitigate security risks effectively.
- Communication: Excellent verbal and written communication skills, with the ability to convey complex security concepts to both technical and non-technical stakeholders.
- Leadership: Proven leadership experience, with the ability to lead and coordinate security initiatives across multiple teams.
- Adaptability: Ability to adapt to a fast-paced and dynamic environment, with a strong focus on delivering results.
- Collaboration: Strong interpersonal skills, with the ability to build effective working relationships with cross-functional teams.
Salary Range: $166,800.00 - $222,300.00
This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location
What We OfferBy choice, we don't simply accept individuality - we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it's the right thing to do, but also because it's the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.** Note that the following statements only apply to candidates who will be working from an unincorporated area within Los Angeles County. **
First American will consider for employment all qualified applicants, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws (e.g., the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act).
First American intends to conduct a review of an applicant's criminal history in connection with a conditional offer. First American reasonably believes that a criminal history may have a direct, adverse and negative relationship with the following material job duties for this position potentially resulting in the withdrawal of the conditional offer of employment: handling of confidential, proprietary or trade secret information belonging to First American or its customers, administrating or facilitating financial transactions, and the ability to meet customer-imposed criminal history requirements.
Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.First American invests in its employees' development and well-being, empowers them to provide superior customer service and encourages them to serve the communities where they live and work. First American is committed to diversity and inclusion. We are an equal opportunity employer.
Salary : $166,800 - $222,300
