Senior Application Security Engineer

Information Technology Bellevue, Washington

Senior Application Security Engineer

Key Responsibilities:

The Staff Application Security Engineer will be responsible for

  • Ensuring web applications, APIs and cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001 and the RMS Information Security Policy
  • Developing, implementing and monitoring enterprise information security architectures and solutions.
  • Designing and automating assessments through penetration testing and ethical hacking, then analyzing security risks and recommending mitigating and compensating security controls.
  • Working closely with the Security Operations Center to develop new incident response plans and playbooks related to web application security threats
  • Working closely with engineering and QA to ensure security principles are enforced in all stages of the software development lifecycle
  • Participating in source code reviews and providing assessments of changes to application design and architecture prior to release to production
  • Working closely with cross functional teams to embed security, logging, auditing, and support all applications hosted within the corporate and cloud environments
  • Performing assessments of security tools, vendors and solutions to support information security roadmap initiatives
  • Help develop and deliver training around secure development lifecycle and secure coding practice
  • Performing internal penetration testing working closely with the engineering team to assess and prioritize discovered security issues and vulnerabilities
  • Maintain and support application security tools, including static and dynamic security analysis solutions, and develop related documentation

Qualifications

  • Minimum 7+ years of experience in Information Security with an emphasis on application security
  • At least one security related certification, such as CISSP, GIAC, CSSLP, required. CISSP or CEH strongly preferred.
  • Experience with the development, deployment, and automation of application security solutions in an enterprise cloud based environment
  • Experience in DevOps environments and maintaining security in CI/CD processes highly desired
  • Solid understanding of Microsoft Azure architecture and services
  • Deep understanding of OWASP Top 10 and CWE/SANS Top 25
  • Demonstrated proficiency in ethical hacking and whitehat penetration testin techniques
  • Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 270001 and SOC 2
  • Hands-on technical proficiency with Burp Suite, Metasploit and Kali Linux highly preferred.
  • In-Depth knowledge of web application architecture, API development, and MVS frameworks required
  • Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects happening simultaneously. 
  • Experience in creating detailed solution design documents & diagrams
  • Demonstrated experience in investigating security issues related to web application exploits, credential stealing and authentication-based exploits
  • Demonstrated ability to facilitate automation and integration through scripting in Powershell, Python, Perl, etc, highly preferred.
  • Demonstrated proficiency in JavaScript, HTML, PHP or Python.  Programming experience in Java, C++ or C highly preferred.
  • Familiar with threat models for large, distributed systems and cloud-based SaaS infrastructure

ABOUT RMS:

Risk Management Solutions, Inc. (RMS) models and solutions help insurers, financial markets, corporations, and public agencies evaluate and manage global risk throughout the world. RMS has some 1,300 employees across 13 offices in the US, London, Bermuda, Zurich, India, China, Japan, Singapore, and Australia, with products and models covering six continents.

We lead an industry that we helped to pioneer—catastrophe risk modeling – and continue to innovate. In May 2019, we announced the launch of RMS Risk Intelligence™ (RI), an open, flexible and future-proof platform for strategic risk management. Through this purpose-built platform, clients can tap into RMS HD models, rich data layers, intuitive applications and APIs that simply integrate into existing enterprise systems to support business decisions across underwriting, risk selection, mitigation and portfolio management.

Insurers, reinsurers, trading companies, and other financial institutions trust RMS solutions to better understand and manage the risks of natural and human-made catastrophes, including hurricanes, earthquakes, floods, terrorism, and pandemics.

Visit RMS.com to learn more and follow us on LinkedIn and Twitter

 RMS is proud to be an equal opportunity workplace. We are committed to equal employment opportunity without regard to race, color, creed, gender, religion, marital status, registered domestic partner status, age, national origin or ancestry, physical or mental disability, genetic characteristics, sexual orientation, or any other classification protected by applicable local, state, or federal law.

 To all recruitment agencies: RMS does not accept unsolicited agency resumes and will not be responsible for the payment of placement fees related to unsolicited resumes submitted to open positions, job aliases, or to our employees. 

 CCPA Notice:  https://www.rms.com/assets/blta021441b7a6fa142/CCPA_Candidate_Notice.pdf