WCF Insurance
Software Security Engineer
WCF Insurance, Salt Lake City, Utah, United States,
JOB SUMMARY
This is an exempt position that reports to the VP, Chief Information Security Officer. The person in this position will assist in supporting WCF's business units with product security initiatives. They will assist in developing security standards, resiliency, security assessments, and ensuring that software development practices meet security best practices.
They will help create high-quality security-focused products by providing product development teams with the necessary support, requirements validation, tools, and training. They will partner with development teams to conduct manual and automated security testing and code audits to discover vulnerabilities for internally and externally developed systems.
QUALIFICATIONS
Bachelor's degree in computer science, or equivalent education.
5 years of experience including 2-3 years of development experience and at least 1 year of experience in information/cyber security with an emphasis on software security (or nine years of related work experience without a degree); insurance experience preferred.
Strong knowledge of the OWASP top 10 for Web and OWASP Top 10 for APIs.
Understanding of computer networking, routing, and associated hardware.
Familiarity with security tooling used to support an SSDLC (SCA/SAST/DAST/container scanning).
Background and experience with Java and JavaScript/TypeScript frameworks. Additional skills with C#, .NET, Python are preferred.
Certifications for Security+, Network+, GSEC, CEH, CSSLP, or willingness to obtain certifications.
ESSENTIAL JOB FUNCTIONS
Serve as an authority on application security with development and operations teams by learning and assessing new and existing WCF Insurance technologies/products from a security perspective.
Collaborate with development teams to integrate security throughout the software development lifecycle. Ensure security testing and compliance requirements are integrated into all phases of development and providing product development teams with the necessary support, requirements validation, tools, and training.
Oversee and recommend web security technology implementations (SRI, CSP), API security and automation functions .
Assist in penetration testing activities to identify and address security vulnerabilities including management of external/internal bug bounty and other related web vulnerability initiatives.
Define and implement a comprehensive application security program to protect the confidentiality, integrity, and availability of company assets available through applications.
Create architecture and application security documentation.
Design and provide system encryption, cryptography, and other security protection mechanisms and standards to be adhered to by all other programmers.
Perform complex problem analysis and decision making to mitigate security threats.
Research, develop, and recommend product security requirements for applications, infrastructure, cloud, and other products.
Design, e
stablish and prepare relevant, actionable security metrics.
ACCOUNTABILITY & REQUIREMENTS
Actively participate in building the information security program by evaluating and suggesting innovative solutions and ideas and championing the information security program.
Actively research, learn, and keep up with software security best practices and emerging technologies.
Support collaboration and knowledge sharing across the organization and build relationships between business units and key stakeholders.
Work independently and assume IT security management with general supervision.
Deliver excellent customer service to internal and external customers and department peers.
Demonstrate effective organization and time-management skills.
VALUES
The person in this position must demonstrate the WCF values of doing the right thing, being great at your job, and helping others succeed to fulfill the company's mission of excellence.
WORKING CONDITIONS
This position is based in an office environment with adequate temperature and lighting control. There are no known hazardous or unpleasant conditions caused by noise, dust, or other environmental factors. There are potentially high-stress situations that require meeting deadlines. The employee must meet the job attendance requirements for this position.
#J-18808-Ljbffr
This is an exempt position that reports to the VP, Chief Information Security Officer. The person in this position will assist in supporting WCF's business units with product security initiatives. They will assist in developing security standards, resiliency, security assessments, and ensuring that software development practices meet security best practices.
They will help create high-quality security-focused products by providing product development teams with the necessary support, requirements validation, tools, and training. They will partner with development teams to conduct manual and automated security testing and code audits to discover vulnerabilities for internally and externally developed systems.
QUALIFICATIONS
Bachelor's degree in computer science, or equivalent education.
5 years of experience including 2-3 years of development experience and at least 1 year of experience in information/cyber security with an emphasis on software security (or nine years of related work experience without a degree); insurance experience preferred.
Strong knowledge of the OWASP top 10 for Web and OWASP Top 10 for APIs.
Understanding of computer networking, routing, and associated hardware.
Familiarity with security tooling used to support an SSDLC (SCA/SAST/DAST/container scanning).
Background and experience with Java and JavaScript/TypeScript frameworks. Additional skills with C#, .NET, Python are preferred.
Certifications for Security+, Network+, GSEC, CEH, CSSLP, or willingness to obtain certifications.
ESSENTIAL JOB FUNCTIONS
Serve as an authority on application security with development and operations teams by learning and assessing new and existing WCF Insurance technologies/products from a security perspective.
Collaborate with development teams to integrate security throughout the software development lifecycle. Ensure security testing and compliance requirements are integrated into all phases of development and providing product development teams with the necessary support, requirements validation, tools, and training.
Oversee and recommend web security technology implementations (SRI, CSP), API security and automation functions .
Assist in penetration testing activities to identify and address security vulnerabilities including management of external/internal bug bounty and other related web vulnerability initiatives.
Define and implement a comprehensive application security program to protect the confidentiality, integrity, and availability of company assets available through applications.
Create architecture and application security documentation.
Design and provide system encryption, cryptography, and other security protection mechanisms and standards to be adhered to by all other programmers.
Perform complex problem analysis and decision making to mitigate security threats.
Research, develop, and recommend product security requirements for applications, infrastructure, cloud, and other products.
Design, e
stablish and prepare relevant, actionable security metrics.
ACCOUNTABILITY & REQUIREMENTS
Actively participate in building the information security program by evaluating and suggesting innovative solutions and ideas and championing the information security program.
Actively research, learn, and keep up with software security best practices and emerging technologies.
Support collaboration and knowledge sharing across the organization and build relationships between business units and key stakeholders.
Work independently and assume IT security management with general supervision.
Deliver excellent customer service to internal and external customers and department peers.
Demonstrate effective organization and time-management skills.
VALUES
The person in this position must demonstrate the WCF values of doing the right thing, being great at your job, and helping others succeed to fulfill the company's mission of excellence.
WORKING CONDITIONS
This position is based in an office environment with adequate temperature and lighting control. There are no known hazardous or unpleasant conditions caused by noise, dust, or other environmental factors. There are potentially high-stress situations that require meeting deadlines. The employee must meet the job attendance requirements for this position.
#J-18808-Ljbffr