Web Application Security Engineer

Job Locations: US-PA-Exton | UK-Cheltenham | US-FL-Ft. Lauderdale | US-UT-Salt Lake City | US-NC-Huntersville
Posted Date: 1 week ago (2/13/2018 12:14 PM)
ID: 2018-5129
# of Openings: 1
Category: Information Technology

Overview

iPipeline is a leading provider of cloud-based software solutions for the life insurance and financial services industry. Through our SaaS solutions, we accelerate and simplify insurance sales, compliance, operations, and support. We provide process automation and seamless integration between every participant in the life insurance industry including carriers, agents (such as financial advisors and independent insurance agents), distributors (such as banks, broker-dealers, and general agencies) and consumers. Our innovative solutions enable automated processing for pre-sales, point-of-sale execution of applications, post-sale support, reporting, consumer delivery and agency management.

 

iPipeline makes it easier for people to purchase investment and insurance products that secure their financial future. With headquarters in Exton, Pennsylvania, iPipeline has locations in Cheltenham (UK), Fort Lauderdale, Atlanta, Ontario (CA), Philadelphia, and Salt Lake City. Visit www.ipipeline.com.

 

We are currently looking for a Web Application Security Engineer in any of our global offices.

Responsibilities

Purpose of the Role:

 

  • Improve iPipeline’s system and application security by identifying and verifying threats using real-world attacks.
  • Provide global compliance support by providing external and internal audit requirements.
  • Prepare applications for future compliance requirements through rigorous pre-compliance audit checks.
  • Educate development teams on secure coding practices.
  • Assist in development, verification, and education of security procedures and policies.
  • Ensure audit findings are accurately included in the iPipeline risk management process.
  • Perform spot checks to verify security policies and compliance requirements are maintained.

 

Responsibilities:

 

  • Ensure web, mobile and desktop applications, APIs and cloud services are planned, designed, developed, implemented and monitored following all applicable regulations and best practices to ensure the proper level of security is built in.
  • Educate software developers on coding best practices (e.g., OWASP Top 10) and the latest attack vectors.
  • Provide security requirements to iPipeline’s global development teams.
  • Scope and perform application security reviews of web, mobile and desktop applications, APIs, and architecture.
  • Review dynamic and static code analysis review findings for false positives.
  • Confirm and assist with prioritizing the remediation of discovered security bugs.
  • Perform security testing such as fuzzing, DAST and/or penetration testing.
  • Provide guidance to iPipeline’s group of security champions within our global development teams in building security into their applications.
  • Partner with the Security Operations Center to ensure applications log & report the appropriate security events.
  • Maintain the global internal and external inventory of software assets.
  • Pair with 3rd party penetration tests to provide business knowledge and learn additional attack perspectives.

 

Qualifications

Qualifications:

 

  • Bachelor’s degree in Computer Science or MIS or comparable experience.
  • Certified Security Professional (CISSP, GIAC or other certifications) a plus
  • AWS and/or Network Security Certifications a plus
  • Experience with application security tools like Burp, OWASP ZAP, Brakeman, and other DAST and SAST tools.
  • A functional understanding of Amazon Web Services - VPC, IAM, KMS, EC2, S3, EBS, ELB, etc., or similar primitives is not required, but will certainly help.
  • Languages - one or more of: .NET, Ruby, Python, Java, Node, Delphi, Shell, JavaScript both for performing code reviews and creating your own scripts and tooling (fuzzers, scanners, etc.).
  • Experience with building security automation is a big plus
  • Experience with black box, grey box, and white box security testing of applications.
  • Experience with performing threat modelling
  • Strong working knowledge of web application development and architecture, HTTP, and TLS.
  • Offensive mind-set and the ability to think of and consider abuse and attack paths as well as the defensive mind-set to think of recommendations to prevent them.
  • Enthusiastic, quick learner of complex systems and poorly-documented open source software.
  • Comfortable working with continuous integration/delivery and agile development teams.
  • Able to work collaboratively across diverse engineering teams and products to meet organizational security goals

 

Experience:

 

  • Experience with current web and mobile application frameworks.
  • Proficiency with enterprise network technologies and architectures.
  • Scripting, software development, and process automation experience.
  • Understanding of software development life cycle.
  • Experience with web application penetration testing methodologies.
  • Ability to accurately perform information gathering and proper filtering within context.
  • Understanding of OWASP Top 10 and SANS 20 Critical Security Controls.

 

Personal Qualities:

 

  • Passionate about technology and information security.
  • Ambition for continuous learning.
  • Analytical/detail oriented.
  • Self-motivated.
  • Desire to understand how things work.
