Principal IT Application Security Engineer

Technology United States


Description


Remote – US

 

 

The Opportunity: 

Anthology offers the largest EdTech ecosystem on a global scale, supporting over 150 million users in 80 countries. The company’s mission is to provide dynamic, data-informed experiences to the global education community so that learners and educators can achieve their goals.  

 

We believe in the power of a truly diverse and inclusive workforce. As we expand globally, we are committed to making diversity, inclusion, and belonging a foundational part of not only our hiring practices but who we are as a company. 

 

For more information about Anthology and our career opportunities, please visit www.anthology.com.

 

As Principal Application Security Engineer, you will be a subject matter expert in both defensive and offensive application security activities with a desire to contribute to the strategic planning of our Application Security program. You will work closely with development teams, product managers (PM), and third-party groups to improve the security of our Products. 

 

Primary responsibilities will include:

  • Managing projects or processes, responsible for making moderate to significant improvements in the AppSec program
  • Contributing to the development of our Product security roadmap and planning efforts
  • Influencing parties within and outside the Business regarding policies, procedures, and practices
  • Solving numerous and undefined problems that require detailed information gathering, analysis, and investigation to understand the problem
  • Coaching, reviewing, and delegating work to junior professionals
  • Performing manual and automated Web Application, API and Mobile security testing
  • Identifying remediation strategies and supporting developers in implementing them

 

The Candidate:

Required skills/qualifications:

  • Expertise with performing penetration testing and knowledge of mitigation techniques as per OWASP Top 10, SANS Top 25, or WASC 
  • Hands-on experience with testing frameworks in line with Web Applications, Mobile Applications, Web Services/APIs, Thick-client, Network and Cloud (AWS preferred)
  • Experience in shifting development teams left through a Secure Software Development Life Cycle, including performing threat modeling, design reviews, code reviews and penetration testing
  • Experience in at least one programming or scripting language
  • Experience leading technical projects or processes
  • Experience providing oversight and mentoring to junior and/or new team members
  • Must be a US Citizen


 

Preferred skills/qualifications:

  • Experience leading a small team
  • Experience with CI/CD and integration of security tools with build automation tools
  • Bachelor's degree or equivalent experience in Security
  • CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) certification
  • Fluent in the backend and/or frontend of Anthology applications
  • Experience with FedRAMP audit processes and how components apply to Anthology applications
  • Experience with DoD IL4 Requirements

 

 

This job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities at any time. 

 

Blackboard is an equal employment opportunity/affirmative action employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, national origin, marital status, disability, sexual orientation, gender identity/expression, protected military/veteran status, or any other legally protected factor. 

 

 

This position is not available for candidates residing in the following states: CO, CA, MA

 
