Application Security Engineer
Posted on Feb 14, 2020 by Allstate
Where good people build rewarding careers.
Think that working in the insurance field can't be exciting, rewarding and challenging? Think again. You'll help us reinvent protection and retirement to improve customers' lives. We'll help you make an impact with our training and mentoring offerings. Here, you'll have the opportunity to expand and apply your skills in ways you never thought possible. And you'll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.Job Description
*In addition to Chicago, IL, we are open to candidates in the Charlotte, NC & Dallas/Fort Worth, TX markets to work in our offices in those locations.*
Allstate Technology & Strategic Ventures (ATSV) team is embarking on a journey to integrate security inside the software development lifecycle. Application Security is tasked to develop a security framework within the Allstate SDLCs, establish a software security assurance process, and work with product delivery teams to build applications securely from start to finish.
The Application Security Engineer will take ownership for integrating security into the development of Allstate's applications. The Application Security Engineer will work closely with the product and software development team to threat model, vulnerability scan, and pen test the early software, system, and network architecture and identify required control points in the application stack. The Application Security Engineer will also work closely with developers to diagnose, document, and remediate application security vulnerabilities. The Application Security Engineer will also be responsible for evaluating, recommending, and implementing application security related software in an automated continuous integration/deployment environment.
- Work closely with application development and platform teams to help formulate and implement a strategy for software security that is tailored to the specific risks facing the organization, including threat modeling and applications security advisement services.
- Develop and maintain a balanced application security program based on a well-defined application security framework.
- Conduct application security assessments/penetration tests and implement tools for dynamic/automated code reviews.
- Ensure application design and implementation best-practice with role-based and appropriate access standards, as well as integration with Identity and Access Management environments.
- Ensure compliance with society, regulatory, and industry standards for application security.
- Continuously evaluate the organization's existing application security practices, define and measure security-related activities, and demonstrating concrete improvements to the application assurance program within the organization.
- Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.
- Conduct code reviews and penetration testing.
- Develop and maintain unit and integration tests designed to ensure security controls are tested on every build.
.*Ideal candidate would be 50% programmer/50% hacker.*
Examples of qualifications that resemble this profile are as follows:
- 4+ years' experience in software dev field such as Software Developer/Architect, Software QA, or App Security Engineer
- Proficient in at least one of the following languages: Java, .NET, Node.js, or Python
- Understand application architectural patterns, such as MVC, Microservices, Event-driven etc.
- Solid business acumen with ability to work with App Dev, QA and Security teams
- Possess a restlessness or desire to break into things
- Knowledge of OWASP Top 10
- Solid experience with establishing software dev policies across an organization
- Excellent oral/written presentation skills with ability to communicate effectively with senior executive leadership; proficiency in preparation of presentations and analytical reports
- Understanding and passion for Agile/XP/Scrum/Kanban
- Solid Container DevOps experience
- Familiarity with Metasploit, Burp Suite, Fuzzing, Gaunlt, and Jenkins preferred
- Familiarity with code reviews and penetration testing preferred
- PCF exposure preferred
- College degree with advanced degree preferred. OSCP, OSCE, or OSWE Certifications are a major plus
The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.
Good Work. Good Life. Good Hands®.
As a Fortune 100 company and industry leader, we provide a competitive salary - but that's just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you'll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.
Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video .
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please click "here" for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click "here" for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.
It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.
Set up alerts to get notified of new vacancies.