Job Description:

As an SAE, you will be responsible for testing, designing and implementing security controls and solutions driven by the Central Security team and by company policies and standards, to reduce the risk to Pearson Learning Platform and its customers. This includes enterprise-level design work for system security, cloud security, identity and access management, data protection and many more.

The Security Engineer is a member of the Development team and is responsible for reviewing security designs, implementing technical security controls, and designing security solutions. They will help implement the information security design, enforce compliance with security policies and controls and function as a technical security expert on various projects.

Key Skills

Development background - Expertise in technologies used in development (Java, CI/CD, Cloud)

Application Security - Understand the OWASP Top 10, ability to identify false positives, work with different security technologies

Prioritize and be accountable for all security-related items in the product; train the other development teams as necessary

Ability to push security changes to production as part of the software development process - Perform remediation


Keep track of CISO acceptance criteria for the product
o Static scans, Dynamic scans, Pen Test, Infrastructure, Container, Cloud scans

o Privilege User, Encryption, Key Management Security backlog

o Create change controls when necessary

o Part of SAE Community and help Pearson reduce risk

Security controls and best practices

Work closely with product and platform teams to implement security controls

Plan and monitor security measures

Work closely with functional-area architects, engineering, and security specialists throughout Pearson Learning Platform (PLP) to ensure adequate security solutions and controls are in place throughout all PLP systems, cloud systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements;

Provide security subject matter expertise and help project teams comply with enterprise and IT security policies, industry regulations, and best practices;

Assess and understand PLP current security posture and future architecture, providing a viable solution path to bridge the gap;

Assess and understand the current and planned security posture for platforms (e.g. servers, databases, web servers), providing recommendations for improvement and risk reduction;

Design security configuration standards, procedures, and guidelines for platforms such as baseline security configurations and hardening guides;

Communicate security risks and solutions to business partners and IT staff;

Coach developers on application security

Recognize, adopt, and instill industry leading practices in security engineering throughout the organization

Correctly balance security risk and product advancement

Secure DevOps/Secure SDLC

Identify and execute on opportunities to automate internal, cloud and platform security controls;

Provide subject matter expertise on, and conduct in-depth security reviews of software applications

Identify and propose process improvements and identify opportunities for new processes and procedures to reduce risk;

Incident Response

Support security incident response as required;

Researches, designs, and advocates new technologies and security products that will support security requirements for the enterprise and its customers, business partners, and vendors;

Contributes to the development and maintenance of the information security strategy;

Evaluates and develops secure solutions, based on approved security architectures;

Security Tooling

Administer, configure, and support security tools

Assist with adoption of new/existing security tools as needed

Create/support integrations of security tools into central analytics system

Embrace a culture of continuous service improvement and service excellence;

Stay up to date on security industry trends.


Required Education & Experience

Bachelor's degree in Computer Science, MIS, or equivalent technology discipline

Familiar with OWASP Secure Coding Practices, Continuous Integration/Continuous Deployment (CI/CD) processes/concepts, REST API technology and methods, and common security vulnerabilities and fixes

Proven ability in security process and organizational design

Current understanding of industry security trends and emerging threats

3 years minimum Java development required

3 years programmatic interaction with relational database systems

Current technology stack: Spring, Java, Reactive Programming

Experience in OOAD, agile processes, design patterns, SQL and UML