Deseret Mutual Benefit Administrators

Information Security Engineer (AppSec)

Deseret Mutual Benefit Administrators, Salt Lake City, Utah, United States, 84193


DMBA provides a variety of benefits including health, life, and retirement to employees of the Church of Jesus Christ of Latter-day Saints and its affiliates. DMBA began operations in 1970 and is now in its 54th year of supporting the Church of Jesus Christ of Latter-day Saints and its mission.

Position Summary:

DMBA is looking for an Information Security Engineer to join the Information Security Team. The Information Security Team reports to the Chief Technology Officer and is responsible for the information security program. This technical operations role will support various development, cloud, and red team projects to safeguard sensitive business information.

Responsibilities:

- Help define and implement a comprehensive application security program to protect the confidentiality, integrity, and availability of company assets
- Establish reusable policy and procedures
- Serve as an authority on application security with development and operations teams
- Evaluate company attack surface to detect misconfigurations, vulnerabilities, or weaknesses requiring mitigation
- Partner with development teams to perform various code, credential, and SCA scans
- Design, implement, and automate reasonable controls in cloud CI/CD environments
- Support the creation and implementation of a red team function and partner with security operations to test detection capabilities and weaknesses
- Help define the scope for annual and periodic penetration assessments
- Actively participate in architectural discussions with other engineers and support staff on various information security topics such as ZTNA, observability, API security, and emergent technologies (AI/ML, etc.)
- Participate in the incident response process to support the identification, eradication, and recovery of systems
- Create architecture and application documentation
- Help define procedures to formalize and mature application security
- Support various security projects and participate in solution selection and enhancements
- Be an active participant in building the information security program by evaluating and suggesting new solutions and ideas and championing the information security program

Qualifications and Experience:

- 4-year Bachelor's degree or equivalent experience
- 4-7 years of IT and information security experience
- 2-3 years of development experience
- Strong understanding of information security best practices and security frameworks (NIST CSF, ISO 27001, ISO 27005, CIS Controls, HITRUST, etc.) as they pertain to application security
- Working knowledge of the OWASP Top 10
- Deep knowledge of databases, common operating systems (Windows/Linux), networking, application, and cloud environments
- CASE, CEH, AWS, or equivalent information security training and expertise
- Experience with HIPAA, DOL Information security best practices, international, federal, and state privacy laws
- Experience with C#, .NET, and JavaScript
- Developing, hardening, and securing APIs

Other Qualifications:

- Ability to work with various IT and Business teams to address sensitive topics and risk
- Strong management and business communication skills
- Deep technical understanding and ability to apply it to complex technical and business solutions
- Expertise in project management and prioritization
- Highly motivated team player with a desire to improve the information security program
- Work in a hybrid remote work and office work environment

What We Offer:

- Competitive pay
- Rich medical, vision and dental benefits with low premiums (we are the #1 health plan in Utah!)
- Rich retirement planning, including 401(k) company match, 8% Retirement Plus Plan (we just give you free money for retirement), life insurance, and full-service Financial Planners onsite at no cost
- Generous paid leave plan that starts accruing your first day, your birthday off, additional sick leave and 11 paid holidays
- World-class wellness program with health coaching, ability to earn 3 additional days off a year, fun activities and an onsite gym
- Tuition reimbursement
- Career development through company-sponsored programs and over 5000 on-demand online training courses