Senior Application Security Engineer

Engineering Remote, United States


Description

At Curriculum Associates (CA), we believe a diverse team leads to diversity in thinking, making our products better for teachers and students. If you read this job description, feel energized by what you see here, and believe you could bring passion and commitment to the role, but you aren’t sure you meet every qualification, please apply! Above all, we are looking for the right person!

We are seeking an experienced Senior Security Engineer to join our security team within our technology organization. The focus will be on securing our i-Ready application development and cloud infrastructure.  The successful candidate will establish advanced security capabilities within the organization and drive improvements in our security posture in support of the Curriculum Associates’ mission.

The impact you’ll have:

  • You’ll perform secure code reviews and provide guidance to development teams
  • You’ll develop, monitor, and assess our data, server, and network security implementations in the cloud
  • You’ll conduct server vulnerability testing and implement remediation
  • You’ll review and refine data security policies and procedures
  • You’ll configure, automate and troubleshoot security tools
  • You’ll help prepare us for third party audits (SOC, PCI DSS)

 

Who we’re looking for:

  • 5+ years of experience in an Application or Cloud Security role
  • Bachelor’s degree in software, engineering or related field
  • Experience or working knowledge of penetration testing methods and tools (Burp Suite, Charles Proxy, Kali Linux, Metasploit, etc.)
  • Experience performing code reviews, preferably in Java, Scala, or Python
  • Experience creating solutions in AWS
  • Ability to work in and enjoy a fast-paced environment across organizational teams
  • Excellent verbal and written communication skills
  • General analysis/problem solving and ability to develop creative solutions

 

We’d also love to see,  though not required:

  • Master’s degree in cyber security
  • Experience with corporate IT security (O365, AD, Okta)
  • Some audit and compliance (ISO-27000, NIST-800, SOC, PCI) efforts and understanding
  • PowerShell, Bash, Python scripting, and coding abilities
  • Experience with SAST/DAST tools like Veracode, OWASP ZAP, and OWASP Dependency Track
  • Administration of SDLC tools like Github and Jenkins

 

Location: Currently, all Curriculum Associates employees are working remotely due to Covid-19. Once it is safe to go back into the office, team members will return to our home office in North Billerica, MA several days a week.  However, we encourage folks from across the U.S. to apply to this role! If you are not in the greater Boston area, you should expect to travel to Boston semi-annually (once it is safe to do so).  

 

Compensation & benefits: Competitive salary with great benefits including health, dental, and vision insurance, employer contributed 401K.

 



Curriculum Associates, LLC is an Equal Opportunity Employer. Curriculum Associates, LLC will not discriminate against any employee or applicant for employment because of race, color, creed, religion, sex, national origin, age, marital status, veteran status, sexual orientation, gender identity or expression, disability, genetic information, or any other category protected by law. Curriculum Associates, LLC will grant employment, without regard to race, color, creed, religion, sex, national origin, age, marital status, veteran status, sexual orientation, gender identity or expression, disability, genetic information, or any other category protected by law. Such action shall include, but not be limited to, the following: employment, upgrading, demotion, transfer, recruitment or recruitment advertising, layoff or termination, rates of pay or other forms of compensation.

Our company uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.uscis.gov/e-verify.