Application Security Engineer

Job Description

Application Security Engineer Position

Pearson is a Global organization that does business in nearly every country; the majority of our systems are cloud based, using modern infrastructure and development practices. Pearson services a number of federal and highly sensitive workloads, ensuring security is routinely prioritized.

While we have a global reach, impacting the lives and work of many, we are a close-knit and passionate team of engineers with expertise ranging across the board in the realm of Cybersecurity. Here, you will always be a stone's throw away from exciting projects with many opportunities for growth and developing knowledge in cutting-edge technologies.

As an Application Security Engineer, you will be responsible for ensuring the holistic security of various applications and services used throughout the organization. You will be working with various application teams throughout the organization to ensure security best practices are adopted and implanted throughout the SDLC. You will work to identify, track, and advise the application teams to remediate vulnerabilities and the associated risks. Vulnerailities may come from various tools and testing done by yourself or other internal or third-party penetration testers.

The primary job responsibilities include :

Engagement with internal and external partner teams

Collaborate with product and platform teams on security controls

Plan, implement, upgrade, and monitor security measures related to application security

Collaborate with functional area architects, engineers, and security specialists across Pearson to implement suitable security solutions and controls.

Provide security expertise and assist project teams in adhering to enterprise and IT security policies, industry regulations, and best practices

Evaluate Pearson's current security and future architecture, offering solutions to address any gaps.

Assess and understand the current and planned security posture for platforms, provide recommendations for improvements and risk reduction

Develop security configuration standards, procedures, and guidelines for various platforms, including baseline security configurations and hardening guides.

Communicate security risks and solutions to business partners and IT staff

Coach developers on application security

Implement industry-leading security engineering practices across the organization.

Escalate and document risks when observed

• Secure DevOps / Secure SDLC

Perform threat modeling

Perform thorough security reviews of software applications.

Identify and propose process improvements and identify opportunities for new processes and procedures to reduce risk

Assist with configuring Web Application Firewalls (WAF)

Assist with the tuning of Runtime Application Self Protection (RASP) tools

Assist in security incident response efforts as necessary

Aid teams in implementing appropriate logging practices

Collaborate with security operations teams to develop detection capabilities

Conduct research, design, and advocate for new technologies and security products that fulfill the security requirements of the enterprise, as well as those of its customers, business partners, and vendors.

Contribute to the development and maintenance of the information security strategy

Administer, configure, and support security tools

Assist with adoption of new / existing security tools as needed

Create / support integrations of security tools into central analytics system

Embrace a culture of continuous service improvement and service excellence

Stay up to date on security industry trends

Essential Skills :

Desirable Skills :