The Principal Application Security Automation Engineer will assist Asurion in developing truly secure products by providing best-in-class security automation services to the product development organization, while passionately pursuing personal and organizational excellence in the field of application security and security automation.
Essential Duties and Responsibilities:
- Design and develop solutions in code to provide frictionless integration of security tooling into the CI/CD processes of Asurion’s product teams.
- Use SAST, DAST and other scanning technologies to enhance the security of Asurion products and provide actionable information to development teams to use when addressing security issues.
- Develop automated solutions for web application security assessments, infrastructure-as-code security analysis, and cloud security assurance mechanisms and frameworks.
- Use advanced techniques in machine learning and analytics to model potential attacks and defenses based upon actual data, events, and metrics.
- Support all security automation infrastructure, including infrastructure in the cloud, databases, virtual machines, serverless functions, and container images.
- Provide security automation expertise and direction to the central security organization and the globally distributed product development organization.
- Build and maintain positive and productive working relationships with product development teams and individuals to serve as a trusted partner.
- Mentor junior application security automation engineers.
- Continuously learn and keep abreast of the latest technical developments in the application/product security, cloud security, and security automation spaces.
- Research and present on relevant security technology, practices, and threats.
- Work closely with a small team of application security and penetration testing staff, in conjunction with product development, to ensure company products and services withstand all foreseen and reasonable attacks.
Here’s what you’ll bring to the team:
- Bachelor’s Degree in Computer Science, Software Engineering, Computer Engineering, Electrical Engineering, Electronics Engineering, or related field
- 5+ years of experience working in a security, development or operations role, supporting product development organizations.
- 3+ years of hands-on experience in a security automation role.
- 2+ years of experience working in a public cloud environment (preferably AWS or Azure), developing or supporting product development.
- 2+ years of experience as a software engineer/developer.
- Working knowledge of Linux and Windows.
- Functional knowledge of Git.
- Significant experience with Burp Suite, OWASP Zed Attack Proxy, Checkmarx, Coverity, Black Duck, Snyk or comparable tools for static and dynamic analysis is highly desirable.
- Strong analytical and problem-solving skills are a must.
- Excellent communication (oral, written, presentation) skills are a must.
- Experience mentoring junior engineers toward professional maturity.
- Experience leading small teams of engineers in a fast-paced environment.
- Application security testing experience is highly desirable.
- GPYC, GMON, GWAPT, GXPN, OSCP, OSCE, OSWE certifications are desirable.
- Experience presenting at major security conferences is a plus.