
Application Security Engineer

JOB SNAPSHOT:
Employee Type: Full-Time
Location: Chicago, IL, US, 60601
Job Type: Information Technology

Ryan Specialty Group is looking for an Application Security Engineer to join our Chicago team. We are a fast-paced, energetic and rapidly growing organization that offers a great opportunity for someone interested in further developing their career. Ryan Specialty Group has been named one of the Best Places to Work 2020 by Business Insurance, and has been named 2020 top Insurance Workplace by Insurance Business America.

Position Summary:

The Application Security Engineer will report directly to the Chief Information Security Officer and be responsible for all aspects of Application Security at RSG. You will oversee our SAST and DAST programs, manage third-party web application penetration testing, assist development teams with remediation questions, and ensure training is being completed. You will also be responsible for developing and communicating secure development policies, processes and procedures and ensuring teams are in compliance. Successful candidates will be security evangelists who can translate security concepts into language that is meaningful to many audiences, including business and technical leaders and individual contributors.

Essential Functions:

  • Support application security reviews and threat modeling, including overseeing the automated code review and dynamic security testing processes. 
  • Own and perform application security vulnerability management, including overseeing third parties providing SAST, DAST, web application penetration testing, WAF, etc. 
  • Support and consult with application development teams in the area of application security, including explaining vulnerabilities and weaknesses in the OWASP Top 10 and recommending effective defensive techniques.  
  • Oversee the security development training process and manage and update secure development policies, standards and procedures. 
  • Work with the security champions to ensure that secure coding best practices are being used.
  • Guide and advise product development teams as SMEs in the area of application security.
  • Participate and assist in initiatives to address vulnerabilities found in a functional area.
  • Guide development teams to design secure solutions for upcoming initiatives.
  • Support the incident response and architecture review processes whenever application security expertise is needed.
  • Oversee third-party developers to ensure they conform to our internal processes, such as code reviews and SAST scans, and assist with security assessments of those developers.
  • Provide guidance on secure management of application-related secrets.
  • Work with the CISO on the development of security metrics, assisting in compliance audits, and continuous security improvements.

Education/Experience/Skills:

  • Bachelor's degree in Computer Science/Engineering/Information Security.  
  • Minimum 3 years application security experience.
  • CISSP or comparable Information Security certification preferred.
  • Ability to approach application security from the perspective of risk management and avoid purely academic thinking about software security. Demonstrable ability to influence decision‐making processes at all levels of a large organization.
  • Experience writing and testing web applications and web services using modern languages and frameworks, such as C#, .NET, JavaScript, and TypeScript. 
  • Familiarity with a variety of development and testing tooling, as well as methodologies utilized by development teams, including: Version control, continuous integration and delivery, automated build and deploy pipelines, infrastructure and configuration as code, configuration management, automated web testing frameworks, observability systems, and public cloud platforms. 
  • Strong understanding and experience with common security libraries, security tools, security flaws and controls, including static/dynamic analysis. 
  • Familiarity with waterfall and agile development processes and experience integrating secure development practices into both models.
  • Familiarity with cloud security controls and best practices.
  • A basic understanding of network and web-related protocols (such as TCP/IP, UDP, IPsec, HTTP, and HTTPS).
  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.

Disclaimer

Ryan Specialty Group is an Equal Opportunity Employer


Nearest Major Market: Chicago
