Java Security Engineer
Vacancy expired!
Description
As an SAE you will be responsible for testing, designing and implementing security controls and solutions driven by the Central Security team and company policies and standards to reduce the risk to the Pearson Learning Platform and its customers. This includes enterprise-level design work for system security, cloud security, identity and access management, data protection and more.
The Security Engineer is a member of the Development team and is responsible for reviewing security designs, implementing technical security controls, and designing security solutions. They will help implement the information security design, enforce compliance with security policies and controls and function as a technical security expert on various projects.
Key Skills
Development background - Expertise in technologies used in development (Java, CI/CD, Cloud)
Application Security - Understand the OWASP Top 10, identify false positives, and work with different security technologies
Prioritize and be accountable for all security-related items in the product; train the other development teams as necessary
Ability to push security changes to production as part of software development process - Perform remediation
Responsibilities
- Keep track of CISO acceptance criteria for the product
o Static scans, Dynamic scans, Pen Test, Infrastructure, Container, Cloud scans
o Privilege User, Encryption, Key Management Security backlog
o Create change controls when necessary
o Part of SAE Community and help Pearson reduce risk
Security controls and best practices
Work closely with product and platform teams to implement security controls
Plan and monitor security measures
Work closely with functional-area architects, engineering, and security specialists throughout Pearson Learning Platform (PLP) to ensure adequate security solutions and controls are in place throughout all PLP systems, cloud systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements;
Provide security subject matter expertise and help project teams comply with enterprise and IT security policies, industry regulations, and best practices;
Assess and understand PLP current security posture and future architecture, providing a viable solution path to bridge the gap;
Assess and understand the current and planned security posture for platforms (e.g. servers, databases, web servers), providing recommendations for improvement and risk reduction;
Design security configuration standards, procedures, and guidelines for platforms such as baseline security configurations and hardening guides;
Communicate security risks and solutions to business partners and IT staff;
Coach developers on application security
Recognize, adopt, and instill industry leading practices in security engineering throughout the organization
Correctly balance security risk and product advancement
Secure DevOps/Secure SDLC
Identify and execute on opportunities to automate internal, cloud and platform security controls;
Provide subject matter expertise on, and conduct in-depth security reviews of software applications
Identify and propose process improvements and identify opportunities for new processes and procedures to reduce risk;
Incident Response
- Support security incident response as required;
Research
Researches, designs, and advocates new technologies and security products that will support security requirements for the enterprise and its customers, business partners, and vendors;
Contributes to the development and maintenance of the information security strategy;
Evaluates and develops secure solutions, based on approved security architectures;
Security Tooling
Administer, configure, and support security tools
Assist with adoption of new/existing security tools as needed
Create/support integrations of security tools into central analytics system
Embrace a culture of continuous service improvement and service excellence;
Stay up to date on security industry trends.
Qualifications
Required Education & Experience
Bachelor's degree in Computer Science, MIS, or equivalent technology discipline
Familiar with OWASP Secure Coding Practices, Continuous Integration/Continuous Deployment (CI/CD) processes/concepts, REST API technology and methods, and common security vulnerabilities and fixes
Proven ability in security process and organizational design
Current understanding of industry security trends and emerging threats
3 years minimum Java development required
3 years programmatic interaction with relational database systems
Current technology stack: Spring, Java, Reactive Programming
Experience in OOAD, agile processes, design patterns, SQL and UML
Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.
Primary Location: US-RE-Remote
Job: Technology
Organization: Technology & Operations
Employee Status: Regular Employee
Job Type: Standard
Shift: Day Job
Job Posting: Oct 16, 2020
Job Unposting: Ongoing
Schedule: Full-time Regular
Req ID: 2008845