Are you a highly skilled Security professional that has a passion for Application Security in a DevOps world? Bring your proficiency to help us craft our IT Security program, next gen. Work closely with our Application Development teams to provide secure applications and foster DevSecOps theory and processes; aligning the overall security model with business goals and ongoing operations. You bring to this position a high-level of security expertise, a deep understanding of modern development languages and cloud platforms. You have a consistent record for driving product security initiatives and experience delivering software security at scale. You'll lead application security testing (SAST, DAST, and RASP), penetration testing, web application firewall management, and red teaming. Help us re-think what it means to be a secure insurance provider in a fast-changing, highly fierce market.
Your day could include and experience we would like to see :
- You will mentor, guide, lead and direct the maturity of the application security team responsible for an enterprise program
- You will guide the integration of secure development standards, tools, and processes into the development lifecycle
- You'll support the development and implementation of a threat modeling framework, secure frameworks and libraries
- You will support development design reviews and other InfoSec processes as application security expertise is required
- You will provide domain expertise for maturing of an enterprise secure code training program for developers and other critical partners
- You'll produce relevant application security metrics that demonstrate a continually improving application security posture
- You will be a hands-on technical manager, leading a team that develops and supports application security services consumed by product teams
- This position will utilize your technical expertise to deliver the next generation of software-defined security services and tools while integrating into product development processes
Education, Certifications and nice to have:
- 7 or more years of Information Technology and Security experience
- You have broad knowledge of IT Security technologies, process, techniques and a solid understanding of application security leading practices, including OWASP and CWE.
- Considerable experience in code reviews, business logic assessment, and testing
- Experience deploying cybersecurity solutions in a public cloud environment (IaaS, PaaS, SaaS)
- Familiar with application security tools like BurpSuite Pro, SAST, DAST, RASP, nmap, Metasploit, and Kali Linux, etc.
- Experience in 3rd-party testing tools such as Fortify, Veracode, WhiteHat, etc., is preferred
- Experience in secure coding and software development in various languages (C#,. NET, Java etc.)
- You have recent experience with Agile development/Scrum teams, and enthusiastically incorporate security stories/requirements into SDLC (CI/CD) with product owners/managers
- You have deep knowledge of software, application design and architecture
- You have substantial knowledge of TCP/IP, DNS, HTTP, HTTPS, VPN, SQL and other database technologies
- CISSP, CEH, GWAPT, or OSCP certifications are highly desired
- Bachelor’s degree (in Information Technology or a related discipline) or equivalent experience
CSAA Insurance Group offers many benefits, including:
- Comprehensive health care plans, including medical, dental, vision, and tax-deferred spending accounts.
- Employee assistance, healthy pregnancy and wellness programs.
- Paid time off, plus nine paid holidays and 24 hours of volunteer time off.
- 401(k) plus company matching up to 6% and a cash balance pension program.
- Paid training, tuition reimbursement, self-service training and career development opportunities.
Be part of a community that works:
At CSAA Insurance Group, we take pride in our values-based culture. Helping our employees have enriched lives and satisfying careers is how we work. Our employees appreciate the integrity and inclusion that is evident throughout our everyday interactions. We respect the diverse range of perspectives, backgrounds and cultures of our teams, and join together when it comes to helping our members, community or one another.
Headquartered in Walnut Creek, California, our community also works in Arizona, Colorado, Nevada, New Jersey and Oklahoma. Learn more about us at CSAA-Insurance.aaa.com/careers
Please submit your application to be considered. We communicate via email, so check your inbox to ensure you don’t miss important updates from us.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Must have authorization to work indefinitely in the US