Job Description :
Role: Lead Application Security Engineer
Location: Downtown Cincinnati, OH
Type of Engagement: 6-month+
Mode of interview: will do skpe/webex
No H1B and OPT EAD
Description:
Be Here. Be Great. Working for a leader in the insurance industry means opportunity for you. Great American Insurance Group, a member of American Financial Group, is a Fortune 500 company consistently recognized as a top place to work. We combine a "small company" culture where your ideas will be heard with "big company" expertise to help you succeed. With over 30 specialty property and casualty operations and a variety of financial services, there are always opportunities here to learn and grow.
Responsibilities:
The Lead Application Security Engineer will be responsible for creating and managing the process, procedures and tooling of the application security program. This is a leadership, as well as hands-on, role requiring an application security professional who has a solid background in application development and coding experience, combined with an understanding of Information Security and Secure Coding / Secure Software Development principles. As the Application Security program is built, this role will be responsible for driving the buildout of standards and collaborating with the Business Units to implement those standards and tools.
Responsibilities and Duties:
Work in conjunction with the Architecture team to lead the development of the Application Security program for the Enterprise
Provide strong leadership and cross-functional / stakeholder communications
Work with the Architecture team to select and lead deployment of tools as necessary to expand the program. Integrate those into the SDLC for automation and assistance to developers.
Execute the scanning tools. Reviewing results and coordinating with the Application Development teams the tracking and remediation of findings.
Assist the Development teams with code reviews and integrating security into the multiple SDLC processes.
Work with the internal Cyber Threat Team on scheduling penetration tests of critical applications and work with those development teams on remediation of findings.
Work with architecture teams to build, execute, and track a roadmap of Application Security maturity
Build and maintain documentation related to the application security program including the development of, or updates to, new or currently established baselines for secure application development.
Build relationships with the key teams in the enterprise including: application development teams, project management organization, hosting, and information security
Escalate to senior leadership any major concerns with applications in the organization due to security risk. These can be detected through tools, manual or third party testing
Track metrics and the reporting of those metrics to help the organization understand the program success
Evaluate new security trends and technologies
Participate as necessary as a subject matter expert in the incident response program as well as other enterprise wide application programs.
Consulting with Business Unit Application Development teams on best practices
Other duties as assigned.
Knowledge and Skills:
Bachelor’s degree in related discipline with 5 or more years experience
Experience working within a Secure SDLC environment
Experience with application assessment tools (SAST and DAST)
Experience with application security tools (WAF, etc
Excellent communication skills and the ability to develop and leverage effective relationships with developers, business leaders, stakeholders, and externally
Strong collaboration, communication, problem solving, documentation, conceptual and analytical skills
Experience with service or program building including metrics and operations
Able to work at high level of autonomy in a dynamic environment
Experience with DevOps, Agile SDLC processes
Experience working in a complex, distributed enterprise environment
Ability to prioritize and manage work to critical project timelines in a fast-paced environment
Strong sense of personal accountability
Ability to learn and apply new technologies quickly and self-directed