Application Security Engineer
APPLICATION SECURITY ENGINEER
WHAT IS THE OPPORTUNITY?
As a member of the Attack Surface Reduction team, you will be responsible for implementing and maintaining secure software development practices within our organization.
You will work closely with software developers and other team members to ensure that our applications are secure, addressing security issues discovered during the secure development process.
As security issues are uncovered, the Application Security Engineer communicates technical solutions to development teams with a focus on risk mitigation to improve business continuity.
The engineer is also responsible for assessing the security of internally developed, third-party developed, commercial off-the-shelf (COTS), and open-source software applications.
This includes using automated and manual tools to verify vulnerability risk and perform penetration tests.
Additional responsibilities will include developing automated processes, training developers, deploying application security tools, developing remediation solutions, and finding solutions to other challenging problems related to application security.
WHAT YOU WILL BE DOING?
- Partnering with development teams to verify automated scan and penetration testing results and design / select remediation approaches.
- Perform application penetration tests
- Collaborate with other security teams such as security operations, red teams, threat intelligence and risk management to remediate vulnerabilities, understand risk, and reduce the attack surface.
- Interface with development teams to configure, perform, and validate the results of SAST, DAST, OSS, and penetration testing, and assist in selecting remediation solutions for those findings.
- Develop automated testing scripts, processes, testing tools, exploits, remediation notes, or attack vectors
- Consult, advise or oversee the secure design and configuration requirements of key application projects to ensure compliance with bank and regulatory standards
- Educate and train application teams on security topics and skills to build strong relationships within the development community
WHAT DO YOU NEED TO SUCCEED
Must-Have*
- Bachelor's Degree in Business, Computer Science or equivalent
- Minimum 5 years experience in Information / Cyber Security field
- Minimum 5 years experience as an engineer or administrator of enterprise security technology platform
Skills and Knowledge
- Experience in application security vulnerabilities, tools, and exploits
- A strong understanding of the OWASP top ten and other frameworks for application security
- Strong understanding of testing methodologies used for SAST, DAST, and OSS.
- Web development experience along with proficiency in common development tools such as Git and IDEs, and how security tools integrate with CI / CD pipelines
- Strong written and verbal communication skills, as well as the ability to work well with a diverse mix of stakeholders
- Experience with common development tools such as Git and IDEs
- Experience in developing alternative solutions to difficult problems
- Self-motivation with a strong desire to learn, improve skills and share knowledge with others.
- Security Certifications such as CISSP, OSCP, PenTest+, GWAPT.
- Pen Testing Experience
- Experience using vulnerability detection tools
- Experience exploiting vulnerabilities
- Threat modeling experience
- Experience with one or more enterprise security platforms
- Experience as an engineer in the design, implementation and support in a complete enterprise IT environment
- Knowledge of secure build and configuration standards in a highly regulated environment
- Excellent communication and interpersonal skills, including a strong ability to create positive and professional business relationships with partner engineering and architecture teams across IT
- Strong commitment to working as a team and providing excellent customer service.
- Bachelor's degree in business, computer science or related field preferred
- Security certifications (CISSP, GSEC, etc.) are preferred.
- System administration certifications (CCNA, MCSA, etc.) are preferred.
- Formalized training and mastery in security platform or product
Compensation
Starting base salary: $92,114 - $156,880 per year. Exact compensation may vary based on skills, experience, and location.
This job is eligible for bonus and / or commissions.
To be considered for this position you must meet at least these basic qualifications
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification.
It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Benefits and Perks
At City National, we strive to be the best at whatever we do, including the benefits and perks we offer our colleagues.
Get an inside look at our Benefits and Perks.
INCLUSION AND EQUAL OPPORTUNITY EMPLOYMENT
City National Bank is an equal opportunity employer committed to diversity and inclusion. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other basis protected by law.
ABOUT CITY NATIONAL
We start with a basic premise: Business is personal. Since day one we've always gone further than the competition to help our clients, colleagues and community flourish.
City National Bank was founded in 1954 by entrepreneurs for entrepreneurs and that legacy of integrity, community and unparalleled client relationships continues to drive phenomenal growth today.
City National is a subsidiary of Royal Bank of Canada, one of North America's leading diversified financial services companies.
Related Jobs
Security Engineer
Overview
Position Description: A Security Engineer serves as the security engineer of complex technology implementations in a product-centric environment; is comfortable with bridging the gap between legacy development or operations teams and working toward a shared culture and vision; works to ensure developers create the most secure systems while enhancing the privacy of all system users; and has experience with white-hat hacking and fundamental computer science concepts.
The Security Engineer will perform security audits, risk analysis, application-level vulnerability testing, and security code reviews; develop and implement technical solutions to help mitigate security vulnerabilities; and conduct research to identify new attack vectors.
Skills Required: Security Engineers will possess knowledge and experience in safeguarding sensitive data from cyber-attacks.
Skills Preferred:
Experience Required: This classification must have a minimum of ten (10) years of experience with developing and implementing technical solutions to help mitigate security vulnerabilities.
Experience Preferred:
- Four (4) or more years of recent, full-time, highly responsible paid experience managing the security of multiple platforms, operating systems, software and network protocols for a large IT organization.
- Demonstrated skills in Industrial Control System (ICS), Supervisory Control and Data Acquisition (SCADA), security architecture, IT Security, networking, or systems administration with an emphasis on security are highly desired.
- Experience in risk management, auditing, assessment, industry security framework, and/or internal controls.
- Proven knowledge of security architecture design, network security, vulnerability management, and threat intelligence/analysis
- Experience in security, operations, control assessment, risk management, auditing, and/or internal controls
- Experience with security and privacy legal and regulatory requirements
- Knowledge of common information security management frameworks, such as NIST, CIS, ISO 27001, COBIT, or PCI DSS
- Experience performing information security risk assessments and risk analysis
- Strong understanding of encryption.
- Strong understanding of networking concepts and protocols (e.g. TCP/IP, LAN, WAN, DHCP, DNS, Routing Protocols, etc.)
- Expert level knowledge of security systems such as SIEM (Microsoft Sentinel), IPS, Firewalls, and related network security tools.
- Operating Systems: Windows, Unix, Mac
- Databases: SQL, Azure, Oracle
Education Required: This classification requires the possession of a bachelor’s degree in an IT-related or Engineering field.
Additional qualifying experience may be substituted for the required education on a year-for-year basis.
Education Preferred:
- Bachelor’s Degree in Computing Science, Information Systems, or a closely-related field.
- One (1) or more industry recognized Certifications in Security: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), GIAC (Global Information Assurance Certification), Other Comparable Security Certifications
Additional Information: 4/40 work schedule. Onsite required at Public Works HQ in Alhambra, CA 91803. Additional Live Scan requirements must be completed for department.
Local Candidates Only.
Senior Security Engineer, Application Security
Hi, we're Oscar. We're hiring a Senior Security Engineer, Application Security to join our Security team.
Oscar is the first health insurance company built around a full stack technology platform and a focus on serving our members.
We started Oscar in 2012 to create the kind of health insurance company we would want for ourselves: one that behaves like a doctor in the family.
About the Role:
As a Senior Security Engineer, you will collaborate closely with fellow Security team members as well as with cross-functional partners within Engineering and Product.
Your primary objective will be to safeguard classified information by thoroughly assessing and examining Oscar's applications and infrastructure.
In addition, you will be responsible for presenting identified risks and providing guidance on best practices to prevent future vulnerabilities.
You will report into the Senior Director of Security. This is a hybrid role. You will work part of the time in the Los Angeles (Marina Del Rey) office and part of the time work-from-home / remote.
The base pay for this role is $156,560-$205,485 per year. You are also eligible for employee benefits, company equity grants, participation in Oscar's unlimited vacation program and annual performance bonuses.
Responsibilities:
- Partner with cross-functional teams to identify, mitigate, and resolve security issues within Oscar’s tech stack (Web Applications, Mobile Apps, Network, Cloud)
- Perform and document technical testing based on industry recognized standards (OWASP) and best practices to identify security vulnerabilities against Oscar owned assets (website, mobile applications, networks and cloud environments), including:
  - Threat Modeling
  - Architecture / Design Reviews
  - Application and Cloud Security Testing (Red Teaming)
- Lead internal workshops with cross functional teams to discuss outcomes from technical reviews and develop a plan for mitigating identified risks
- Exhibit a deep understanding of Oscar’s technology footprint, how our systems work and how they may be attacked or abused
- Collaborate with Security Leadership regarding technical vulnerabilities and potential impact if exploited
- Collaborate with non-technical teams to propose control and process enhancements to mitigate technical risk
- Stay up-to-date with current security trends, advisories, publications and relevant research for the organization
- Define hardening and secure design standards and use them to perform application security reviews in partnership with developer teams
Requirements:
- 5+ years of experience assessing Web Applications, Cloud Environments, Mobile Applications and Network security
- Ability to simplify complex security issues into actionable steps for remediation or risk mitigation
- Knowledge of industry recognized methodologies and frameworks for security testing (OWASP, OSSTMM, PTES)
- Experience testing web applications for security vulnerabilities
- Experience testing mobile applications for security vulnerabilities
- Experience assessing cloud environment for misconfigurations and security vulnerabilities
- Experience testing networks for security vulnerabilities
- Working familiarity with AWS and GCP
- Experience using containers and container orchestration technology (Mesos and Kubernetes)
Bonus Points:
- Prior work experience in a risk management capacity
- Industry recognized certifications around offensive security (OSCP, OSCE, OSWP, OSWA, OSWE)
- Prior work experience in or understanding of security challenges specific to the healthcare or health insurance industries
- Experience assessing containers for security vulnerabilities
This is an authentic Oscar Health job opportunity. Learn more about how you can safeguard yourself from recruitment fraud.
At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we cultivate an environment where people can be their most authentic selves and find both belonging and support.
We're on a mission to change health care, an experience made whole by our unique backgrounds and perspectives.
Pay Transparency:
Final offer amounts, within the base pay set forth above, are determined by factors including your relevant skills, education, and experience.
Full-time employees are eligible for benefits including: medical, dental, and vision benefits, 11 paid holidays, paid sick time, paid parental leave, 401(k) plan participation, life and disability insurance, and paid wellness time and reimbursements.
Security Officer
- Prevents loss and damage by displaying high visibility uniform security presence on property.
- Secures property through effective patrols, monitoring surveillance equipment, and access points.
- Investigates security breaches, incidents, and other alarming behavior.
- Challenges observed persons violating property policy and procedures.
- Completes reports by recording observations, information, occurrences, and surveillance activities.
- Maintains environment by monitoring and setting building and equipment controls.
- Maintains the organization’s stability and reputation by complying with legal requirements.
- Ensures operation of equipment by completing preventive maintenance requirements.
- Contributes to team effort by accomplishing related results as needed.
Security Officer Qualifications and Skills
- Must be able to stand for up to 4 hours
- Must be able to lift a minimum of 15 lbs.
- Ability to walk for long periods, walk up and down stairs and kneel
- Basic computer skills
- Strong interpersonal, verbal, and written communication skills
- Excellent sense of judgment
- Can always stay alert
Education and Experience Requirements
- Valid BSIS Guard Card
- High School Diploma or equivalent required
Kent Services is a family-owned security, technology and building services firm with a renowned history of delivering unparalleled services through our close to 2,000 employees who cover the entire continental US.
We offer an array of careers that deliver a rewarding experience, great benefits and professional growth and development.
We challenge our colleagues each step of the way and provide them with the tools to succeed and accomplish their personal and professional goals.
Together, we can deliver the highest quality of service to each of our customers and put you on the career path you have been looking for.
Security Engineer
Large organization in the Los Angeles, CA area has a long-term contract position for a Security Engineer.
Position Description: A Security Engineer serves as the security engineer of complex technology implementations in a product-centric environment; is comfortable with bridging the gap between legacy development or operations teams and working toward a shared culture and vision; works to ensure developers create the most secure systems while enhancing the privacy of all system users; and has experience with white-hat hacking and fundamental computer science concepts.
The Security Engineer will perform security audits, risk analysis, application-level vulnerability testing, and security code reviews; develop and implement technical solutions to help mitigate security vulnerabilities; and conduct research to identify new attack vectors.
Skills Required: Security Engineers will possess knowledge and experience in safeguarding sensitive data from cyber-attacks.
Experience Required: This classification must have a minimum of ten (10) years of experience with developing and implementing technical solutions to help mitigate security vulnerabilities.
Experience Preferred:
- Four (4) or more years of recent, full-time, highly responsible paid experience managing the security of multiple platforms, operating systems, software and network protocols for a large IT organization.
- Demonstrated skills in Industrial Control System (ICS), Supervisory Control and Data Acquisition (SCADA), security architecture, IT Security, networking, or systems administration with an emphasis on security are highly desired.
- Experience in risk management, auditing, assessment, industry security framework, and/or internal controls.
- Proven knowledge of security architecture design, network security, vulnerability management, and threat intelligence/analysis
- Experience in security, operations, control assessment, risk management, auditing, and/or internal controls
- Experience with security and privacy legal and regulatory requirements
- Knowledge of common information security management frameworks, such as NIST, CIS, ISO 27001, COBIT, or PCI DSS
- Experience performing information security risk assessments and risk analysis
- Strong understanding of encryption.
- Strong understanding of networking concepts and protocols (LAN, WAN, DHCP, DNS, Routing Protocols, etc.)
- Expert level knowledge of security systems such as SIEM (Microsoft Sentinel), IPS, Firewalls, and related network security tools.
- Operating Systems: Windows, Unix, Mac
- Databases: SQL, Azure, Oracle
Education Required: This classification requires the possession of a bachelor's degree in an IT-related or Engineering field.
Additional qualifying experience may be substituted for the required education on a year-for-year basis.
Education Preferred:
- Bachelor's Degree in Computing Science, Information Systems, or a closely-related field.
- One (1) or more industry recognized Certifications in Security: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), GIAC (Global Information Assurance Certification), Other Comparable Security Certifications