First American
Hybrid or Remote - Application Security Engineer-Information Security
First American, Santa Ana, California, 92725
Who We Are

Join a team that puts its People First

Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for nine consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

The Security Engineer is responsible for providing operational security solutions that enable the success of IT and business initiatives. The Security Engineer interfaces with IT groups across the company, client managers, business customers, third parties, vendors, and auditors. The Security Engineer co-designs (along with the Security Architect) and operationalizes security solutions that can be effectively delegated to Security Analysts or other support/operations functions. The scope of the Security Engineer extends across technical and administrative controls that enable the protection and availability of business and IT systems.

The Security Architect is responsible for defining the organization's information security architecture and standards and creating a prioritized, risk-based technical security control roadmap. The Security Architect will coordinate technical design/review activities and develop secure architectural frameworks, operational guidelines and metrics to support a secure computing environment consistent with the organization's information security policies, standards and overall strategy security risks for the company.

What You'll Do

- Strong ability to work with stakeholders and explain code issues and fixes to the development community.
- Work closely with developers on a day-to-day basis to ensure all projects follow the SDLC process and all code in the environment is scanned and remediated.
- You will be responsible for managing the respective code scanning tools in the stack and the day-to-day operational management of the tools.
- Interface with development and security architecture teams on topics related to application security, for example vulnerability remediation, best practices, threat modeling, etc.
- Interface with the vulnerability management team to ensure vulnerabilities identified are reported and validated according to SLAs.
- Develop KPIs and KRIs for the Enterprise Application Security program.
- Some manual testing activities to validate vulnerability or penetration testing findings.
- Weekend and night work may be needed at times based on project, support, and business needs.

What You'll Bring

- Bachelor's degree in Information Security or Computer Science, or equivalent experience
- 5 years of experience in Application Security
- Experience with AWS, Azure, or GCP cloud platforms
- Experience with APIs and DevSec practices
- Strong understanding of web application security principles
- Experience with security testing tools and methodologies
- Development background with one or more programming languages: C#, C++, Java, Python, .Net
- Experience performing manual code reviews
- Experience in developing and maturing CI/CD pipelines with regard to code quality and detecting vulnerabilities
- Expert knowledge of OWASP Top 10 or CWE, as well as an understanding of common software threats and mitigations
- Bug bounty and/or penetration testing experience a bonus
- Must be process and detail oriented, with the ability to create detailed process documentation
- Excellent analytical and critical thinking skills
- Strong interpersonal and communication skills, with the ability to explain complex security issues to technical and non-technical stakeholders
- Ability to work effectively in a fast-paced environment and manage multiple priorities

Candidates able to work on a hybrid basis in Santa Ana, CA, or remote-eligible candidates, are welcome to apply.

Salary Range: $95,400.00-$158,900.00

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

What We Offer

By choice, we don't simply accept individuality - we embrace it, we support it, and we thrive on it. Our People First Culture celebrates diversity, equity and inclusion not simply because it's the right thing to do, but also because it's the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.