Senior Application Security Engineer

Senior Application Security Engineer

Vacancy expired!

Company Summary

Join our team! As a global leader in providing title insurance, settlement services and risk solutions for real estate transactions, First American (NYSE: FAF) is an ideal place to build your career. We have been entrusted with helping our customers achieve and protect their dream of homeownership since 1889. We believe that our people are the key to the company's continued success, and we invest in diverse talents and backgrounds and empower our teams to achieve more than they could anywhere else. First American has created an award-winning culture and has been named to the Fortune 100 Best Companies to Work For list for the fifth consecutive year and to more than 50 regional Best Places to Work lists. For more information, please visit www.careers.firstam.com

Job Summary

Senior Application Security Engineer

Summary

First American is dedicated to providing a challenging learning environment where you can develop your AppSec skills and support for continuous learning will be offered. You will progress your career by building solutions that can scale both technically and organizationally, while working with industry leading tools and services. Join our fast paced and growing AppSec team to help protect our customer's data and provide accurate AppSec solutions to our developers.

Job Requirements

We are seeking an Senior Application Security Engineer to join our AppSec team to help build, operate and mature our large scale application security program. The role will require both offensive and defensive capabilities.

Candidate attributes must include a bright willingness to learn, high motivation to self-develop and:

• 5+ years of experience in application development or information security
• Experience with common language frameworks including C# .Net, Java, Javascript (Express, NodeJS), Python, Ruby on Rails
• (Non-Developer background) Willingness to take a test in HackerRank or similar to confirm secure coding ability
• Knowledge of OWASP Top 10 and SANS CWE Top 25 Secure Coding standards
• Experience performing secure code reviews to analyze for vulnerabilities and recommending code changes for remediation. Ability to provide training to developers on secure code practices
• Experience performing Threat Modeling on complex applications to map the end to end flow of sensitive code in order to identify gaps in security controls
• Experience performing application security architecture reviews, including on supporting cloud infrastructure
• Familiarity and the ability to operate with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Veracode, Checkmarx, etc.
• Ability to plan and execute technical application security assessments on web applications and APIs within cloud hosted environments (Azure, AWS, Google Cloud Platform) and collaborate with red teams to plan targeted pen testing
• Ability to document and effectively communicate technical findings to developer teams and evangelize security practices
• Experience with common security/privacy frameworks such as CCPA, NIST Common Security Framework, NST 800-53, PCI DSS, ISO 27001, etc.
• Familiarity with Web Application Firewalls (WAF) and CDNs (Cloudlfare Akamai)
• Deep understanding of network and web application protocols (HTTP, TCP/IP, SAML 2.0, OAuth 2.0, Rest APIs, etc.)
• Experience and familiarity with bug bounty programs
• Experience with scripting in order to automate processes where possible

You will be a key member of the Information Security group; leading a team responsible for our overall secure Software Development Life Cycle (SDLC) program. The Application Security program is designed to ensure that any software developed by our engineers meets our overall security goals to protect our data. The successful candidate will work with a group tasked with coordinating across many functional teams to ensure that our applications stay at the highest security level. In a dynamic rapidly growing organization, you will be required to be innovative and collaborative in order to be successful.

#dice

First American invests in its employees' development and well-being, empowers them to provide superior customer service and encourages them to serve the communities where they live and work. First American is committed to diversity and inclusion. We are an equal opportunity employer.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401K and other great benefits like an employee stock purchase plan. For more information about our Company and our dedication to putting People First, check out firstam.com/careers.