Staff Application Security Engineer

Information Technology Bellevue, Washington

The Senior Application Security Engineer will be responsible for:

  • Ensuring RMS web applications, APIs and cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001 and the RMS Information Security Policy.
  • Developing, implementing and monitoring enterprise information security architectures and solutions.
  • Designing and automating assessments through penetration testing and ethical hacking, then analyzing security risks and recommending mitigating and compensating security controls.
  • Performing internal penetration testing working closely with the engineering team to assess and prioritize discovered security issues and vulnerabilities.
  • Maintaining and supporting application security tools, including static and dynamic security analysis solutions, and develop related documentation.

 

The Senior Application Security Engineer will work closely with:

  • Cross functional teams to embed security, logging, auditing, and support all applications hosted within the corporate and cloud environments.
  • Security Operations to develop new incident response plans and playbooks related to web application security threats.
  • Software Engineering and QA departments to ensure security principles are enforced in all stages of the software development lifecycle.

 

Basic Qualifications

  • 7+ years of experience in Information Security
  • Experience with the development, deployment, and automation of application security solutions in an enterprise cloud based environment.
  • Deep understanding of OWASP Top 10 and CWE/SANS Top 25.
  • Demonstrated proficiency in ethical hacking and WhiteHat penetration testing.
  • Hands-on technical proficiency with Burp Suite and Metasploit.
  • Demonstrated experience in investigating security issues related to web application exploits, credential stealing and authentication-based exploits.
  • Experience in creating detailed solution design documents & diagrams.

Preferred Qualifications

  • 7+ years of experience in Information Security with an emphasis on application security.
  • At least one security related certification, such as CISSP, GIAC, CSSLP, required. CISSP or CEH.
  • Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 270001 and SOC 2.
  • Hands-on technical proficiency with Burp Suite, Metasploit and Kali Linux.
  • 3+ years of experience as a software engineer in some capacity, especially application, platform or product development. Programming experience in Java, C++ or C highly preferred.
  • Demonstrated proficiency in JavaScript, HTML, PHP or Python. 
  • In-Depth knowledge of web application architecture, API development, and MVS frameworks.
  • Experience in DevOps environments and maintaining security in CI/CD processes highly desired
  • Solid understanding of either Amazon AWS or Microsoft Azure architectures/ecosystems.
  • Demonstrated ability to facilitate automation and integration through scripting in Powershell, Python, Perl, etc.
  • Working familiarity with threat models for large, distributed systems and cloud-based SaaS infrastructure.
  • Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects happening simultaneously. 

About RMS

There’s a 1% chance an earthquake will cause $50 billion of insured loss within the next 12 months and a 5% chance that a hurricane will cause $60 billion of insured losses next year. At RMS, we turn risks into real numbers. How? By building simulation models that allow insurers and investors to understand and manage their global risks--from hurricanes, quakes, and wildfires, to cyberattacks, terror attacks, and pandemics. Why? We want to build a more resilient world, and we’re on a mission to help make every risk known.

Insurers, reinsurers, investors, financial institutions, governments, and NGOs trust RMS solutions to better understand and manage catastrophe risks. RMS was founded in 1989 by Stanford scientists who created our first model for California Earthquake. Today, RMS has some 1,300 employees across 13 offices in the US, London, Bermuda, Zurich, India, China, Japan, Singapore, and Australia, and over 1,000 products and models now covering six continents.

RMS helped pioneer the natural catastrophe model market we now lead – and we continue to innovate. In May 2019, we announced RMS Risk Intelligence™ (RI), an open-standard platform for strategic risk management. Through this purpose-built platform, clients can tap into RMS HD models, rich data layers, intuitive applications and APIs that simply integrate into existing enterprise systems to support business decisions across underwriting, risk selection, mitigation, and portfolio management.

How we understand and manage risk affects everyone and our passion is nothing less than creating a more resilient world through a better understanding of catastrophic events. Join our team of leading scientists, developers, industry experts, and world-class professionals. Together, RMSers make a difference on a truly global scale.

Visit RMS.com to learn more and follow us on LinkedIn and Twitter

RMS is proud to be an equal opportunity workplace. We are committed to equal employment opportunity without regard to race, color, creed, gender, religion, marital status, registered domestic partner status, age, national origin or ancestry, physical or mental disability, genetic characteristics, sexual orientation, or any other classification protected by applicable local, state, or federal law.

To all recruitment agencies: RMS does not accept unsolicited agency resumes and will not be responsible for the payment of placement fees related to unsolicited resumes submitted to open positions, job aliases, or to our employees. 

California Consumer Privacy Act notice: https://www.rms.com/legal#Privacy-Policy-ccpa

US Applicants: RMS is enrolled in E-Verify® and will be participating in E-Verify in addition to using our Form I-9 process. www.dhs.gov/E-Verify.