Application Security Engineer
Application Security Engineer
Who is GR?
Guaranteed Rate is not your typical company and certainly not your typical mortgage company. We are technology driven, have tons of energy and we love what we do – great people and great products alongside our impeccable customer service (83 NPS, unheard of!). We’re in a River North office with exposed brick and duct work, windows we can actually open during the summer. The awesomeness doesn’t end there, we also have:
- Holiday parties? We got’em! Not just major holidays, any holiday….Mardi Gras, Valentine’s Day, St. Paddy’s Day, Opening Day, Boxing Day (for our Canadian employee), Sweetest Day, Groundhog Day, etc..
- Game room, library and white board paint for collaboration – yeah, it’s awesome.
- Access to our free GR nurse practitioner. Psshh who needs a doctor’s appointment when our nurse can do it all? Did we mention the free part?
- 401k with some matching, Blue Cross health care coverage – yup, dental and vision too, short-term disability, life insurance – we got ya covered on this one, legal assistance – for a small monthly fee.
- Oh and did we mention you get a big fat employee discount on the origination fees to get a new mortgage or refinance thru Guaranteed Rate?
- Ensure the security and technical compliance of Guaranteed Rate developed software
- Ensure the integrity of systems by maintaining logging and audit systems
- Perform incident response as necessary
- Build software security components that can be reused across a wide variety of applications
- Work directly with development teams to help justify and fix potential vulnerabilities
- Educate development teams on common software security issues through training and personal interactions
- Work with legal and compliance to ensure successful execution of the overall security strategy
- Work with business stakeholders to ensure security measures are creating a productive environment and adapting controls to promote productivity as well as security
- Bachelor’s degree in Computer Science/Engineering, Security, or a related technical field, or equivalent work experience.
- A solid grasp of computer networking
- At least 5 years of software development experience in more than one language and framework
- Strong knowledge of the OWASP Top 10 and other common software security knowledge indexes
- Strong knowledge of Windows, and Linux platforms
- Ability to understand and implement proper application of encryption
- Basic understanding of compliance and how it relates to information systems
- Solid written and verbal communication skills
- Assist in the security risk analysis for current and new systems and recommend solutions for reducing exposure areas
- Provide recommendations to mitigate risks through the appropriate use of technical, procedural, and administrative controls in accordance with legal and regulatory compliance standards and established industry best practice
- Ability to navigate and work effectively across a complex, geographically dispersed organization.
- Broad knowledge of Information Security technologies, techniques and processes
- Ability to explain technical problems in an understandable way to all employees
Product Experience and Necessary Skills
- Microsoft (Windows, SQL Server, Active Directory, .NET)
- Atlassian Products (JIRA, Confluence, HipChat, Insight)
- Incident Response
- Identity and Access Management
- JVM Runtime
- Threat Modeling
- OWASP Top 10