• Web Application Security Engineer

    Job Locations US-PA-Exton | UK-Cheltenham | US-FL-Ft. Lauderdale | US-UT-Salt Lake City | US-NC-Huntersville
    Posted Date 1 week ago (4/16/2018 3:34 PM)
    ID 2018-5129
    # of Openings 1
    Category Information Technology
  • Overview

    iPipeline is a leading provider of cloud-based software solutions for the life insurance and financial services industry. Through our SaaS solutions, we accelerate and simplify insurance sales, compliance, operations, and support. We provide process automation and seamless integration between every participant in the life insurance industry including carriers, agents (such as financial advisors and independent insurance agents), distributors (such as banks, broker-dealers, and general agencies) and consumers. Our innovative solutions enable automated processing for pre-sales, point-of-sale execution of applications, post-sale support, reporting, consumer delivery and agency management.

     

    iPipeline makes it easier for people to purchase investment and insurance products that secure their financial future. With headquarters in Exton, Pennsylvania, iPipeline has locations in Cheltenham (UK), Fort Lauderdale, Atlanta, Ontario (CA), Philadelphia, and Salt Lake City. Visit www.ipipeline.com.

     

    We are currently looking for a Web Application Security Engineer in any of our global offices.

    Responsibilities

    Are you a developer with experience or interest in security? Do you want to help our developers produce more secure systems? Or do you want to attempt to find vulnerabilities in our systems? Are you interested in automating security into DevSecOps? Either way, come join iPipeline’s growing security team. Experience developing/writing code and understanding a typical SDLC is more important than experience in security.

     

    Responsibilities:

     

    • Ensure web, mobile and desktop applications, APIs and cloud services are planned, designed, developed, implemented and monitored following all applicable regulations and best practices to ensure the proper level of security is built in.
    • Educate software developers on coding best practices (e.g., OWASP Top 10) and the latest attack vectors.
    • Provide security requirements to iPipeline’s global development teams.
    • Assist in development, verification, and education of security procedures and policies.
    • Scope and perform application security reviews of web, mobile and desktop applications, APIs, and architecture.
    • Review dynamic and static code analysis findings for false positives.
    • Automate iPipeline’s security testing capabilities as part of our corporate DevSecOps initiative.
    • Confirm discovered security bugs and assist with prioritizing their remediation.
    • Perform security testing such as fuzzing, DAST and/or penetration testing.
    • Provide guidance to iPipeline’s group of security champions within our global development teams in building security into their applications.
    • Partner with the Security Operations Center to ensure applications log & report the appropriate security events.
    • Pair with 3rd party penetration tests to provide business knowledge and learn additional attack perspectives.

    Qualifications

    Required Qualifications:

     

    • Languages - one or more of: .NET, Ruby, Python, Java, Node, Delphi, Shell, JavaScript, both for performing code reviews and for creating your own scripts and tooling (automation, fuzzers, scanners, etc.).
    • Strong working knowledge of web application development and architecture, HTTP, and TLS.
    • Enthusiastic, quick learner of complex systems and poorly-documented open source software.
    • Comfortable working with continuous integration/delivery and agile development teams.
    • Able to work collaboratively across diverse engineering teams and products to meet organizational security goals.

     

    Preferred Qualifications:

     

    • Bachelor’s degree in Computer Science or MIS or comparable experience.
    • Certified Security Professional (CISSP, GIAC or other certifications) a plus.
    • AWS and/or Network Security Certifications a plus.
    • Experience with application security tools like Burp, OWASP ZAP, Brakeman, and other DAST and SAST tools.
    • Experience with building security automation is a big plus.
    • Experience with black box, grey box, and white box security testing of applications.
    • Experience with performing threat modelling.
    • Offensive mind-set and the ability to think of and consider abuse and attack paths as well as the defensive mind-set to think of recommendations to prevent them.

     

    Personality:

     

    • Passionate about technology and information security.
    • Ambition for continuous learning.
    • Analytical/detail oriented.
    • Self-motivated.
    • Desire to understand how things work.
