Risk Management Solutions Application Security Engineer in Chicago, Illinois
Application Security Engineer
RMS is the world's leader in providing analytics and decision science solutions for the quantification and management of catastrophic risks throughout the world. The software, models, and services of RMS are used by hundreds of insurance and reinsurance companies, hedge funds, corporations, and governments to assess a wide range of natural and man-made perils such as earthquake, flood, hurricane, windstorm, terrorism and pandemic disease.
The Application Security Engineer will be responsible for:
Ensuring web applications, APIs and cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001 and the RMS Information Security Policy
Designing and automating assessments through penetration testing and ethical hacking, then analyzing security risks and recommending mitigating and compensating security controls.
Working closely with engineering and QA to ensure security principles are enforced in all stages of the software development lifecycle
Participating in source code reviews and providing assessments of changes to application design and architecture prior to release to production
Working closely with cross-functional teams to embed security, logging, auditing, and support all applications hosted within the corporate and cloud environments
Performing assessments of security tools, vendors, and solutions to support information security roadmap initiatives
Helping develop and deliver training around the secure development lifecycle and secure coding practices
Performing internal penetration testing, working closely with the quality engineering team to assess and prioritize discovered security issues and vulnerabilities
Maintaining and supporting application security tools, including static and dynamic security analysis solutions, and developing related documentation
Minimum 2-3+ years of experience in Information Security with an emphasis on application security
At least one security certification is highly desired. OSCP or CEH strongly preferred.
Experience with the development, deployment, and automation of application security solutions in an enterprise cloud-based environment
Experience in DevOps environments and maintaining security in CI/CD processes highly desired
Understanding of Microsoft Azure architecture and services
Understanding of OWASP Top 10 and CWE/SANS Top 25
Demonstrated proficiency in ethical hacking and whitehat penetration testing techniques
Knowledge of technical security control environments and compliance frameworks, including CSA CCM, ISO 27001 and SOC 2, a plus
Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects happening simultaneously.
Experience in creating detailed solution design documents & diagrams
Demonstrated experience in investigating security issues related to web application exploits, credential stealing, and authentication-based exploits
Demonstrated ability to facilitate automation and integration through scripting in PowerShell, Python, Perl, etc. highly preferred.
Familiar with threat models for large, distributed systems and cloud-based SaaS infrastructure